[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]



 
                 DHS ACQUISITION MANAGEMENT CHALLENGES: 

                  SOLUTIONS FOR SAVING TAXPAYER DOLLARS
=======================================================================



                                HEARING

                               before the

                       SUBCOMMITTEE ON OVERSIGHT,

                     INVESTIGATIONS, AND MANAGEMENT

                                 of the

                     COMMITTEE ON HOMELAND SECURITY

                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             SECOND SESSION

                               __________

                           SEPTEMBER 21, 2012

                               __________

                           Serial No. 112-120

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

[GRAPHIC] [TIFF OMITTED] 



      Available via the World Wide Web: http://www.gpo.gov/fdsys/

                               __________




                  U.S. GOVERNMENT PRINTING OFFICE
81-129                    WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001



                     COMMITTEE ON HOMELAND SECURITY

                   Peter T. King, New York, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Daniel E. Lungren, California        Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Michael T. McCaul, Texas             Henry Cuellar, Texas
Gus M. Bilirakis, Florida            Yvette D. Clarke, New York
Paul C. Broun, Georgia               Laura Richardson, California
Candice S. Miller, Michigan          Danny K. Davis, Illinois
Tim Walberg, Michigan                Brian Higgins, New York
Chip Cravaack, Minnesota             Cedric L. Richmond, Louisiana
Joe Walsh, Illinois                  Hansen Clarke, Michigan
Patrick Meehan, Pennsylvania         William R. Keating, Massachusetts
Ben Quayle, Arizona                  Kathleen C. Hochul, New York
Scott Rigell, Virginia               Janice Hahn, California
Billy Long, Missouri                 Ron Barber, Arizona
Jeff Duncan, South Carolina
Tom Marino, Pennsylvania
Blake Farenthold, Texas
Robert L. Turner, New York
            Michael J. Russell, Staff Director/Chief Counsel
               Kerry Ann Watkins, Senior Policy Director
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

       SUBCOMMITTEE ON OVERSIGHT, INVESTIGATIONS, AND MANAGEMENT

                   Michael T. McCaul, Texas, Chairman
Gus M. Bilirakis, Florida            William R. Keating, Massachusetts
Billy Long, Missouri, Vice Chair     Yvette D. Clarke, New York
Jeff Duncan, South Carolina          Danny K. Davis, Illinois
Tom Marino, Pennsylvania             Bennie G. Thompson, Mississippi 
Peter T. King, New York (Ex              (Ex Officio)
    Officio)
                  Dr. R. Nick Palarino, Staff Director
                   Diana Bergwin, Subcommittee Clerk
              Tamla Scott, Minority Subcommittee Director



                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Michael T. McCaul, a Representative in Congress 
  From the State of Texas, and Chairman, Subcommittee on 
  Oversight, Investigations, and Management:
  Oral Statement.................................................     1
  Prepared Statement.............................................     3
The Honorable William R. Keating, a Representative in Congress 
  From the State of Massachusetts, and Ranking Member, 
  Subcommittee on Oversight, Investigations, and Management......     4

                               Witnesses

Mr. John Hutton, Director, Acquisition and Sourcing Management, 
  Government Accountability Office:
  Oral Statement.................................................     7
  Prepared Statement.............................................     9
Mr. Nick Nayak, Chief Procurement Officer, Department of Homeland 
  Security:
  Oral Statement.................................................    11
  Joint Prepared Statement.......................................    13
Mr. Mark Borkowski, Assistant Commissioner, Office of Technology 
  Innovation and Acquisition, Customs and Border Protection, 
  Department of Homeland Security:
  Oral Statement.................................................    14
  Joint Prepared Statement.......................................    13
Ms. Karen Shelton Waters, Assistant Administrator, Office of 
  Acquisition, Transportation Security Administration, Department 
  of Homeland Security:
  Oral Statement.................................................    16
  Joint Prepared Statement.......................................    13

                             For the Record

The Honorable Michael T. McCaul, a Representative in Congress 
  From the State of Texas, and Chairman, Subcommittee on 
  Oversight, Investigations, and Management:
  Letter From Chairman Michael T. McCaul to Hon. Janet Napolitano     5

                                Appendix

Question From Chairman Michael T. McCaul for John Hutton.........    33
Question From Ranking Member William R. Keating for John Hutton..    33
Questions From Chairman Michael T. McCaul for Nick Nayak.........    34
Question From Ranking Member William R. Keating for Nick Nayak...    36
Questions From Chairman Michael T. McCaul for Karen Shelton 
  Waters.........................................................    37
Question From Ranking Member William R. Keating for Karen Shelton 
  Waters.........................................................    38
Question From Ranking Member William R. Keating for Mark 
  Borkowski......................................................    39



 DHS ACQUISITION MANAGEMENT CHALLENGES: SOLUTIONS FOR SAVING TAXPAYER 
                                DOLLARS

                              ----------                              


                       Friday, September 21, 2012

             U.S. House of Representatives,
    Subcommittee on Oversight, Investigations, and 
                                        Management,
                            Committee on Homeland Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 9:05 a.m., in 
Room 311, Cannon House Office Building, Hon. Michael T. McCaul 
[Chairman of the subcommittee] presiding.
    Present: Representatives McCaul and Keating.
    Mr. McCaul. The committee will come to order.
    I believe this is the 21st hearing this subcommittee has 
held, which may be a record in the Congress. I want to thank my 
Ranking Member for being so patient with all these hearings and 
for your great bipartisanship, and it has been a real honor to 
work with you. I would say this may be our last hearing, but I 
do think we have one more that possibly may be scheduled, but 
it has been a real honor to serve with you.
    I now recognize myself for an opening statement.
    Billions of taxpayer dollars have been put at high risk, 
and multiple key security programs do not fully meet the 
Department of Homeland Security's needs because DHS senior 
leadership is failing to hold acquisition programs accountable.
    DHS's major acquisition programs play a critical role in 
protecting the homeland. They include surveillance systems, 
watching for terrorists and drug traffickers along our borders, 
and machines screening airport passengers for explosives and 
other deadly threats, among other programs. These programs 
represent a significant investment for the American taxpayer.
    In 2011, DHS reported to Congress that its current major 
acquisition programs would cost taxpayers a total of $167 
billion to field in the coming years. Unfortunately, a new 
report from the Government Accountability Office raises serious 
concerns about whether the Department is effectively managing 
these major acquisitions.
    To its credit, DHS issued a policy in 2008 intended to 
ensure acquisition programs demonstrate critical knowledge at 
key points in the life cycle of a program. Such a knowledge-
based approach is often used by leading commercial firms and 
successful programs to mitigate risk and help ensure a sound 
investment. In essence, the higher the level of knowledge 
attained at the outset about how a technology is designed and 
how it operates in real-world environments, the lower the risk 
to the program and, in that case, the taxpayer.
    However, GAO found that the DHS senior leaders rarely hold 
programs accountable to this policy, and out of 49 programs 
reviewed by DHS leadership 43 were allowed to move forward with 
developments even though they had not adhered to the DHS's own 
policy. Out of 71 programs reviewed by GAO, only four adhered 
to DHS's policy, and over 30 programs had none of the 
documentation required to demonstrate this critical knowledge.
    These programs include some of the Department's most 
important initiatives, such as TSA's Transportation Worker 
Identification Credential, created to ensure that individuals 
who pose a threat do not gain unescorted access to our Nation's 
ports, and CBP's Strategic Air and Marine Plan, intended to 
help CBP prevent terrorists, drugs, and other contraband from 
entering the country. This lack of accountability, in my 
judgment, is unacceptable.
    Earlier this year, GAO also reported that TSA did not fully 
follow DHS's acquisition policy when acquiring its Advanced 
Imaging Technology or full-bodied scanners. Touted as a key 
security layer, AIT is intended to use cutting-edge technology 
to identify threats that may not be picked up by magnetometers 
or other security layers. According to GAO, DHS has approved 
deployment of these machines without fully knowing TSA's 
revised specifications. As a result, over 670 machines have 
been fielded that did not meet requirements that the Department 
initially determined were necessary to protect the aviation 
system. Then there are examples like CBP's Secure Border 
Initiative Network, or SBInet, and TSA's explosive trace portal 
program, known as the puffers, where taxpayers received little 
to no return on their sizable investment.
    These examples are very concerning. It seems like the 
Department's senior leadership is missing in action when it 
comes to effectively managing DHS. Why have an acquisition 
policy if the Department has no intention of enforcing it? A 
policy, even a good one, that incorporates best practices isn't 
worth the paper it is printed on if it isn't enforced and 
doesn't lead to positive outcomes.
    The results of these management failures are programs that 
are delivered late, cost more, and do less than expected. For 
example, costs in 16 programs increased 166 percent in only 3 
years. Only one-third of the programs had Department-approved 
baselines, documentation essential for measuring cost growth.
    For the two-thirds lacking this documentation, DHS doesn't 
even have the data needed to measure whether cost growth in 
these programs exists; and these programs include CBP's 
nonintrusive inspection systems designed to detect contraband, 
such as weapons and nuclear materials, and TSA's electronic 
baggage screening program used to protect the aviation system 
from threats in checked baggage, among others. The total price 
tag for these unaccountable programs is about $100 billion.
    In total, almost all of the programs GAO reviewed faced 
significant challenges. DHS has initiatives under way to try 
and improve its acquisition outcomes such as its Centers of 
Excellence, intended to leverage acquisition, knowledge, and 
expertise across components, and Decision Support Tool, 
designed to consolidate key program information to allow DHS 
senior leaders to make better decisions.
    But we need solutions now, not years down the road. These 
issues could result in two options: Fewer resources to protect 
our homeland now or bankrolling these failures on the backs of 
future generations. Neither of these options is acceptable. The 
brave men and women defending our borders, protecting our 
airports, and patrolling our shores deserve better; and the 
American taxpayer deserves better. So this hearing will examine 
why these challenges exist and what DHS needs to do to fix 
these problems.
    So I want to also just end by saying, I don't want this to 
be a ``gotcha'' hearing; I don't want this to be a hearing that 
points only at failures; I want this to seriously be a 
constructive hearing to look at and examine the policies and 
how this committee, the Congress, can help you in doing a 
better job in protecting the American people.
    [The statement of Chairman McCaul follows:]
            Prepared Statement of Chairman Michael T. McCaul
                           September 21, 2012
    Billions of taxpayer dollars have been continually put at high risk 
and multiple key security programs do not fully meet the Department of 
Homeland Security's needs because DHS senior leadership is failing to 
hold acquisition programs accountable.
    DHS major acquisition programs play a critical role in protecting 
the homeland. They include surveillance systems watching for terrorists 
and drug traffickers along our borders and machines screening airport 
passengers for explosives and other deadly threats, among other 
programs. These programs represent a significant investment for the 
American taxpayer.
    In 2011, DHS reported to Congress that its current major 
acquisition programs will cost taxpayers a total of $167 billion to 
field in the coming years. Unfortunately, a new report from the 
Government Accountability Office (GAO) raises serious concerns about 
whether the Department is effectively managing these major 
acquisitions.
    To its credit, DHS issued a policy in 2008 intended to ensure 
acquisition programs demonstrate critical knowledge at key points in 
the life cycle of a program. Such a ``knowledge-based'' approach is 
often used by leading commercial firms and successful programs to 
mitigate risk and help ensure a sound investment.
    In essence, the higher the level of knowledge attained at the 
outset about how a technology is designed and how it operates in real-
world environments, the lower the risk to the program and, in this 
case, the taxpayer.
    However, GAO found that DHS senior leaders rarely hold programs 
accountable to this policy. Out of 49 programs reviewed by DHS 
leadership, 43 were allowed to move forward with development even 
though they had not adhered to DHS's policy. Out of 71 programs 
reviewed by GAO, only 4 adhered to DHS's policy; and over 30 programs 
had none of the documentation required to demonstrate this critical 
knowledge.
    These programs include some of the Department's most important 
initiatives, such as TSA's Transportation Worker Identification 
Credential--created to ensure individuals who pose a threat do not gain 
unescorted access to our Nation's ports and CBP's Strategic Air and 
Marine Plan--intended to help CBP prevent terrorists, drugs, and other 
contraband from entering the country. This lack of accountability is 
unacceptable.
    Earlier this year, GAO also reported that TSA did not fully follow 
DHS acquisition policy when acquiring its Advanced Imaging Technology 
or full-body scanners. Touted as a key security layer, AIT is intended 
to use cutting-edge technology to identify threats that may not be 
picked up by magnetometers or other security layers. According to GAO, 
DHS approved deployment of these machines without fully knowing TSA's 
revised specifications. As a result, over 670 machines have been 
fielded that did not meet requirements that the Department initially 
determined were necessary to protect the aviation system.
    Then there are examples like CBP's Secure Border Initiative Network 
or SBInet and TSA's Explosive Trace Portal program known as ``the 
puffers'' where taxpayers received little to no return on their sizable 
investment.
    These examples are very concerning. It seems like the Department's 
senior leadership is ``MIA--missing in action'' when it comes to 
effectively managing DHS. Why have an acquisition policy if the 
Department has no intention of enforcing it? A policy--even a good one 
that incorporates best practices--isn't worth the paper it's printed on 
if it isn't enforced and doesn't lead to positive outcomes.
    The results of these management failures are programs that are 
delivered late, cost more, and do less than expected. For example, 
costs in 16 programs increased 166 percent in only 3 years. Only one-
third of the programs had Department-approved baselines--documentation 
essential for measuring cost growth.
    For the two-thirds lacking this documentation, DHS doesn't even 
have the data needed to measure whether cost growth in these programs 
exists. These programs include CBP's Non-Intrusive Inspection Systems--
designed to detect contraband, such as weapons and nuclear materials, 
and TSA's Electronic Baggage Screening Program--used to protect the 
aviation system from threats in checked baggage, among others. The 
total price tag for these ``unaccountable'' programs: About $100 
billion. In total, almost all the programs GAO reviewed faced 
significant challenges.
    DHS has initiatives underway to try and improve its acquisition 
outcomes, such as its Centers of Excellence intended to leverage 
acquisition knowledge and expertise across components, and Decision 
Support Tool designed to consolidate key program information to allow 
DHS senior leaders to make better decisions, among other initiatives.
    But we need solutions now, not years down the road. These issues 
could result in two options: Fewer resources to protect our homeland 
now or bankrolling these failures on the backs of future generations. 
Neither of these options is acceptable. The brave men and women 
defending our borders, protecting our airports, and patrolling our 
shores deserve better. The American taxpayer deserves better. This 
hearing will examine why these challenges exist and what DHS needs to 
do to fix these problems.

    Mr. McCaul. With that, I now recognize the Ranking Member, 
Mr. Keating.
    Mr. Keating. Thank you, Mr. Chairman.
    Twenty-one meetings is quite a few, and although we have 
come at many of the issues from different angles, I must say 
that this subcommittee has, I think, set a good standard of 
working together in our shared interest in trying to keep our 
country safe and to do it as efficiently as possible. I think 
we both share the common thread of all those hearings that we 
have to do something about the fragmented nature of the way 
this agency is set up, and in that measure Congress deserves a 
large degree of the responsibility for going forward with that, 
too. So I thank you, Mr. Chairman; and I thank our witnesses 
for their participation.
    In fiscal year, 2011 the Department spent over $14 billion 
on goods and services, which was over one-fourth of its budget. 
Moreover, the Department processed some 100,000 transactions to 
support Homeland Security missions in fiscal year 2011. Given 
these large figures, it is crucial for the Office of the Chief 
Procurement Officer to ensure both rigorous oversight over its 
procurement policies and procedures and effective communication 
with key component agency officials and designated personnel. A 
clear procurement policy from the Department and accompanying 
guidance to implement procurement procedures are also necessary 
to avoid instances of duplication and waste.
    GAO's recent report regarding the Department's procurement 
oversight initiatives rightly criticized the Office of the 
Chief Procurement Officer for not adequately communicating with 
or preparing component agency officials and personnel for 
completing procurement-related self-assessments or other 
program requirements, for that matter.
    I look forward to hearing from the witnesses about the 
actions of the Department, what they are doing to ensure that 
the component agencies are aware of what is expected of their 
personnel assigned and conducted their own personal oversight.
    I also want to learn more from the witnesses about actions 
being taken by the Department to prevent future occurrences of 
noted failed procurement programs, including FPS's risk 
assessment and management tool, TSA's puffer passenger 
screening program, and the Office of Health Affairs' BioWatch 
and SBInet.
    In addition, I am particularly interested in hearing from 
the witnesses about the impact that strategic sourcing has had 
on procurement at the Department and the training and outreach 
that has been offered to component personnel.
    Finally, I would be interested to hear what measures the 
Office of the Chief Procurement Officer has undertaken to 
protect the ability of small, minority, and women-owned and 
other disadvantaged businesses to continued competing for 
contracting opportunities given that strategic sourcing is 
becoming--is, rather, being promoted across the Department and 
throughout the entire Federal Government.
    With that, I look forward to today's hearing and yield back 
my time.
    Mr. McCaul. I thank the Ranking Member.
    Before I introduce the witnesses, I do want to state for 
the record that over 100 days ago this subcommittee requested 
information from the Secretary, Secretary Napolitano, on 
information related to DHS's conferences, to examine that in 
our oversight functions, just as the GSA had their issues. We 
have not received a response. We have followed up with a second 
letter earlier this week.
    I would like to enter that letter into the record, and I 
hope the Secretary hears this and responds to that letter.
    [The information follows:]
    Letter From Chairman Michael T. McCaul to Hon. Janet Napolitano
                                September 19, 2012.
The Honorable Janet Napolitano,
Secretary, Department of Homeland Security, Washington, DC 20528.
    Dear Secretary Napolitano: On April 27, 2012, the Subcommittee on 
Oversight, Investigations, and Management requested the Under Secretary 
for Management provide information regarding National and international 
conferences attended by Department of Homeland Security personnel. This 
request was straightforward and limited in scope. It asked for 
information on the name, location, and cost (including reimbursement of 
personnel) of conferences held in fiscal year 2011 both Nationally and 
internationally for a sample of the components within the Department. 
As the third-largest Department in the Federal Government with an 
annual budget of almost $60 billion, this information should not be 
difficult to obtain. We asked that the information be provided no later 
than May 31, 2012.
    Over 100 business days have since passed and our subcommittee has 
yet to receive this information despite promises from your staff that 
the information is being compiled. This is truly unacceptable. The 
silence from your Department on this issue is deafening. The 
Department's dereliction in providing this information raises a simple 
question: What does DHS have to hide on its participation in these 
conferences? The American people's faith in Government was severely 
shaken when the Inspector General at the General Services 
Administration (GSA) reported egregious waste and abuse of taxpayer 
dollars. Lavish spending on conferences within GSA demonstrated a 
culture of waste and misuse of power. Our request, made on behalf of 
the taxpayers for whom we serve, is intended to ensure such a culture 
does not exist at DHS. Unfortunately, your Department's failure to 
provide our requested information leaves this question very much in 
doubt.
    Upon his inauguration, President Obama pledged that his 
administration would usher in a new era of transparency. From 
inadequate answers on DHS's role in Operation Fast and Furious, 
sidestepping Congress on the administration's policy to allow 
foreigners, even members of terrorist organizations, into the United 
States, and failure to provide DHS witnesses at important Congressional 
hearings, this is just the latest example demonstrating how your 
Department has not lived up to the important expectation of an open and 
accountable Government.
    Finally, if the delay in providing this information is due to 
difficulties in obtaining it, I question how the Department can be 
entrusted with managing complex acquisition and procurement programs 
worth billions in taxpayer dollars. DHS's inability to track and 
maintain routine data on personnel travel and conferences could be 
symptomatic of negligence in managing other aspects of the Department 
that have a direct impact on DHS's ability to protect the homeland. If 
your Department cannot immediately provide the subcommittee with our 
requested information, we will explore more formal ways to obtain it.
    Your staff may contact Dr. R. Nicholas Palarino, Subcommittee Staff 
Director for Oversight, Investigations, and Management to discuss these 
issues.
            Sincerely,
                                         Michael T. McCaul,
          Chairman, Subcommittee on Oversight, Investigations, and 
                                                        Management.

    Mr. McCaul. With that, let me introduce Mr. John Hutton, 
Director at the U.S. Government Accountability Office, working 
for the Acquisition and Sourcing Management team. He provides 
direct support to Congressional committees and Members on a 
range of acquisition and sourcing issues aimed at improving the 
ability of Federal agencies to buy products and services 
efficiently and effectively. Throughout his more than 30 years 
at the GAO, he has led reviews on numerous issues, including 
Iraq and Afghanistan reconstruction and U.S. and Mexico border 
infrastructure, which I would be very interested to hear about, 
Mr. Hutton. I am very much interested in those areas.
    Next, we have Dr. Nick Nayak, who tells me he is pro-Texan. 
He is not from Texas, but he wants to move to Texas at some 
point.
    I think that is what you told me, correct?
    Mr. Nayak. Right.
    Mr. McCaul. He is the chief procurement officer at the 
Department of Homeland Security, and prior to coming to DHS Mr. 
Nayak served as deputy director for the IRS Procurement. Before 
rising to deputy director for IRS Procurement, Mr. Nayak served 
in several high-impact leadership positions in the IRS.
    While I do appreciate your pro-Texas views, that may not 
get you off the hook completely from my questions.
    Mr. Nayak. Happy to be on there.
    Mr. McCaul. Next, we have Mr. Mark Borkowski--who I have 
known for quite some time now. We have been down to the border 
together, and I think he has made great progress in some areas 
with respect to the border. Perhaps we will hear about that 
today--assistant commissioner for the Office of Technology 
Innovation and Acquisition with the U.S. Customs and Border 
Protection. He is responsible for ensuring technology efforts 
are properly focused on mission and well integrated across CBP 
for strengthening effectiveness in acquisition and program 
management.
    In addition to being the assistant commissioner, Mr. 
Borkowski serves as CBP's component acquisition executive. He 
has also served 23 years on active duty in the United States 
Air Force, and we sure do appreciate your service in the Air 
Force.
    Last, we have Ms. Karen Shelton Waters, who is the 
assistant administrator for the Office of Acquisition at the 
Transportation Security Administration. Ms. Waters is TSA's 
component acquisition executive responsible for managing and 
overseeing TSA acquisition programs that are deployed to 
airports Nation-wide and the agency's contracting workforce. 
Prior to joining TSA, Ms. Waters served as director of the 
Administrative Services Division for the U.S. Department of 
Agriculture's Food Safety and Inspection Service.
    So I want to thank all of you for being here today; and, 
with that, I now recognize Mr. Hutton for his testimony.

 STATEMENT OF JOHN HUTTON, DIRECTOR, ACQUISITION AND SOURCING 
          MANAGEMENT, GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Hutton. Thank you. Chairman McCaul, Ranking Member 
Keating, and Members of the subcommittee, thank you for 
inviting me here today to discuss investment management at the 
Department of Homeland Security.
    DHS invests extensively in major acquisition programs to 
help the Department execute its many critical missions. It is 
acquiring systems to help secure the border, screen travelers, 
enhance cybersecurity, and execute a wide variety of other 
operations.
    In 2011, DHS reported to Congress that it planned to invest 
$167 billion in these major acquisition programs. In fiscal 
year 2012 alone, DHS reports investing about $18 billion. 
However, we have previously reported that DHS has not managed 
its investments effectively, and its acquisition management 
activities have been highlighted on GAO's high-risk list since 
2005.
    Earlier this week, as you know, we issued a new report that 
focused on the Department's acquisition governance process, and 
I would like to highlight three points here today.
    First, most of DHS's major acquisition programs have faced 
challenges that increase the risk of poor outcomes. Earlier 
this year, we surveyed all 77 major program offices identified 
by DHS and achieved a 92 percent response rate, which is quite 
high. Nearly all responded that their programs experienced 
significant challenges that have been shown to increase the 
risk of cost growth and schedule delays. Specifically, 68 of 
the programs reported experiencing funding instability, 
workforce shortfalls, or planned capabilities that changed 
after initiation. Thirty programs reported experiencing all 
three of these challenges.
    Because DHS does not have the data needed to accurately 
measure program performance and outcomes, we used our survey 
results, information DHS provided to Congress in a recent 
internal DHS review, and identified 42 programs that 
experienced cost growth, schedule slips, or both.
    The second point is that the data needed to help accurately 
measure program performance is, in fact, required under DHS's 
own acquisition policies. In reviewing these policies, we found 
they reflect many key program management practices that can 
help mitigate program risks. The policies required DHS program 
offices to capture the critical knowledge at key decision 
points in documents. This knowledge can provide a foundation 
for DHS leadership to make better-informed investment decisions 
and to potentially increase the Department's return on its 
investments.
    However, we found, as we did in 2008, 2010, as well as our 
recent report, that DHS generally has not adhered to this 
policy. Since 2008, our analysis has shown that DHS permitted 
43 of the 49 programs it reviewed to proceed with acquisition 
activities without fully demonstrating the required critical 
knowledge. As a result, we found that most major programs 
lacked reliable cost estimates, realistic schedules, and 
agreed-upon performance objectives.
    The absence of this key information really limits DHS 
leadership's ability to proactively manage its major 
investments and provide essential oversight information to 
Congress. DHS officials told us they recognize the need to 
implement the Department's acquisition policy more 
consistently, but we believe significant work remains.
    Our third point, over the past 2 years, DHS has introduced 
seven major initiatives to help improve the investment 
management across the Department and address key issues 
identified in our past reports, including the high-risk report. 
One initiative, called the Integrated Investment Life Cycle 
Model, is intended to improve strategic decisions at critical 
phases of the investment life cycle. Other initiatives are 
targeted at improving component-level acquisition management, 
acquisition workforce development, and the development of a 
business intelligence tool, which is essentially a database to 
help increase the Department's access to program data and 
performance metrics. However, how effective these initiatives 
will be remains to be seen. Each of the initiatives face 
capacity issues, and DHS is still developing implementation 
plans.
    In closing, we have made a number of recommendations to DHS 
over the years to help improve investment management, including 
our latest report, and DHS has generally concurred. The 
Department's recent efforts demonstrate a commitment to 
improving its investment management. However, it is essential 
that it take a more disciplined approach moving forward to 
adhering to its acquisition policies, particularly as the 
Department must adjust to a period of Government-wide fiscal 
constraints. Without greater discipline, DHS decision-makers 
will continue to lack the information needed to proactively 
manage the major programs, and the Department will continue to 
run the risk of paying more than expected for less capability 
than promised.
    Chairman McCaul, Ranking Member Keating, and Members of the 
subcommittee, this concludes my prepared statement, and I would 
be happy to answer any questions you may have.
    [The prepared statement of Mr. Hutton follows:]
                   Prepared Statement of John Hutton
                           September 21, 2012
homeland security.--dhs requires more disciplined investment management 
                       to help meet mission needs
                              gao-12-1029t
    Chairman McCaul, Ranking Member Keating, and Members of the 
subcommittee: I am pleased to be here today as you examine investment 
management at the Department of Homeland Security (DHS). DHS invests 
extensively in acquisition programs to help secure the border, 
facilitate trade, screen travelers, enhance cybersecurity, improve 
disaster response, and execute a wide variety of other operations in 
support of its critical missions. In 2011, DHS reported to Congress 
that it planned to ultimately invest $167 billion in its major 
acquisition programs, and in fiscal year 2012 alone, DHS reported it 
was investing more than $18 billion in the Department's acquisition 
programs. DHS acquisition management activities have been highlighted 
in our High-Risk List since 2005, and our work over the past several 
years has identified significant shortcomings in the Department's 
ability to manage an expanding portfolio of complex acquisitions.\1\ We 
have previously established that a program must have a sound business 
case that includes firm requirements, a knowledge-based acquisition 
strategy, and realistic cost estimates in order to reduce program 
challenges.\2\ These conditions provide a program a reasonable chance 
of overcoming challenges yet delivering on time and within budget. 
Earlier this week, GAO issued a report entitled Homeland Security: DHS 
Requires More Disciplined Investment Management to Help Meet Mission 
Needs.\3\ In this report, GAO found that while DHS has a sound 
acquisition management policy in place and has introduced initiatives 
to address long-standing challenges, DHS's ability to manage its 
acquisition programs is hampered by the lack of consistency with which 
it has implemented its policy. This report is the basis for my remarks 
today.
---------------------------------------------------------------------------
    \1\ GAO, High-Risk Series: An Update, GAO-05-207 (Washington, DC: 
January 2005); Department of Homeland Security: Billions Invested in 
Major Programs Lack Appropriate Oversight, GAO-09-29 (Washington, DC: 
November 18, 2008); Department of Homeland Security: Assessments of 
Selected Complex Acquisitions, GAO-10-588SP (Washington, DC: June 30, 
2010).
    \2\ GAO, Defense Acquisitions: Managing Risk to Achieve Better 
Outcomes, GAO-10-374T (Washington, DC: Jan. 20, 2010).
    \3\ GAO-12-833 (Washington, DC: Sept. 18, 2012).
---------------------------------------------------------------------------
    In 2008, DHS issued the initial version of its current acquisition 
policy--Acquisition Management Directive 102-01 (AD 102)--in an effort 
to establish an acquisition management system that effectively provides 
required capability to operators in support of the Department's 
missions.\4\ AD 102 establishes that DHS's Chief Acquisition Officer--
currently the Under Secretary for Management (USM)--is responsible for 
the management and oversight of the Department's acquisition policies 
and procedures.\5\ AD 102 also establishes that the USM and other 
senior leaders are responsible for reviewing and approving the movement 
of DHS's major acquisition programs through four phases of the 
acquisition life cycle at a series of five predetermined Acquisition 
Decision Events. An important aspect of the Acquisition Decision Events 
is the review and approval of key acquisition documents critical to 
establishing the need for a major program, its operational 
requirements, an acquisition baseline, and testing and support plans. 
At the Acquisition Decision Events, AD 102 requires that an Investment 
Review Board (IRB)--consisting of senior managers from various 
functional disciplines--support the USM and other senior leaders by 
reviewing major acquisition programs for proper management, oversight, 
accountability, and alignment to the Department's strategic functions. 
The Office of Program Accountability and Risk Management (PARM), which 
is responsible for DHS's overall acquisition governance process, 
supports the IRB, and reports directly to the USM. PARM develops and 
updates program management policies and practices, oversees the 
acquisition workforce, provides support to program managers, and 
collects program performance data.
---------------------------------------------------------------------------
    \4\ The interim version of AD 102 replaced Management Directive 
1400, which had governed major acquisition programs since 2006. DHS 
originally established an investment review process in 2003 to provide 
Departmental oversight of major investments throughout their life 
cycles, and to help ensure that funds allocated for investments through 
the budget process are well spent. DHS issued an updated version of AD 
102 in January 2010 and subsequently updated the guidebook and 
appendices.
    \5\ The Secretary of DHS designated the USM the Department's Chief 
Acquisition Officer in April, 2011.
---------------------------------------------------------------------------
    Because DHS invests significant resources developing capabilities 
to support the Department's mission, our recent report identifies the 
extent to which: (1) DHS's major acquisition programs face challenges 
that increase the risk of poor outcomes; (2) DHS has policies and 
processes in place to effectively manage individual acquisition 
programs; (3) DHS has policies and processes in place to effectively 
manage its portfolio of acquisition programs as a whole; and (4) DHS 
has taken actions to address the high-risk acquisition management 
issues we have identified in previous reports.\6\ To address these 
issues, we surveyed all 77 major program offices from January to March 
2012, and achieved a 92 percent response rate.\7\ We also reviewed all 
available documentation of Department-level acquisition decisions from 
November 2008 to April 2012; interviewed acquisition officials at DHS 
headquarters and components; reviewed resource plans and DHS 
performance reports; compared our key acquisition management practices 
to DHS acquisition policy; identified the extent to which DHS has 
implemented its policy; and analyzed the Department's recently proposed 
efforts to address high-risk acquisition management challenges.\8\
---------------------------------------------------------------------------
    \6\ GAO-12-833.
    \7\ DHS originally identified 82 major acquisition programs in the 
2011 major acquisition oversight list, but five of those programs were 
subsequently cancelled in 2011. Seventy-one program managers responded 
to the survey.
    \8\ We conducted this performance audit from August 2011 to 
September 2012 in accordance with generally accepted Government 
auditing standards. Those standards require that we plan and perform 
the audit to obtain sufficient, appropriate evidence to provide a 
reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on our audit objectives.
---------------------------------------------------------------------------
    In summary, we found that 68 of the 71 programs that responded to 
our survey reported that they experienced funding instability, faced 
workforce shortfalls, or that their planned capabilities changed after 
initiation. Most respondents reported a combination of these 
challenges. We have previously reported that these challenges increase 
the likelihood acquisition programs will cost more and take longer to 
deliver capabilities than expected. Although DHS largely does not have 
reliable cost estimates and realistic schedules to accurately measure 
program performance, we used our survey results, cost information DHS 
provided to Congress, and an internal DHS review to identify 42 
programs that experienced cost growth, schedule slips, or both. 
Further, using DHS's future-years funding plans--which aggregate 
funding levels to produce total project costs--we gained insight into 
the magnitude of the cost growth for 16 of the 42 programs. The total 
project costs for these 16 programs increased from $19.7 billion in 
2008 to $52.2 billion in 2011, an aggregate increase of 166 percent.
    We also found that DHS's acquisition policy reflects many key 
program management practices that could help mitigate risks and 
increase the chances for successful outcomes. It requires programs to 
develop documents demonstrating critical knowledge that would help 
leaders make better-informed investment decisions when managing 
individual programs, such as operational requirements documents that 
provide performance parameters that programs must meet, and acquisition 
program baselines that establish programs' critical baseline cost, 
schedule, and performance parameters. However, there are areas where 
DHS could further enhance its acquisition policy. Furthermore, as we 
have similarly reported in 2008 and 2010, DHS has not consistently met 
the requirements it has established.\9\ The Department has only 
verified that four programs documented all of the critical knowledge 
the policy requires to proceed with acquisition activities. A number of 
officials explained that DHS's culture has emphasized the need to 
rapidly execute missions more than sound acquisition management 
practices. DHS recognizes the need to implement its acquisition policy 
more consistently, but significant work remains to ensure DHS has the 
knowledge required to effectively manage its programs.
---------------------------------------------------------------------------
    \9\ GAO-09-29, GAO-10-588SP.
---------------------------------------------------------------------------
    In addition, we determined that DHS's acquisition policy does not 
fully reflect several key portfolio management practices, such as 
allocating resources strategically, and DHS has not yet re-established 
an oversight board to manage its investment portfolio across the 
Department. Since 2006, DHS has largely made investment decisions on a 
program-by-program and component-by-component basis. Cost growth and 
schedule slips, coupled with the fiscal challenges facing the Federal 
Government, make it essential that DHS allocate resources to its major 
programs in a deliberate manner. DHS plans to develop stronger 
portfolio management policies and processes, but until it does so, DHS 
programs are more likely to experience additional funding instability, 
which will increase the risk of further cost growth and schedule slips. 
These outcomes, combined with a tighter budget, could prevent DHS from 
developing needed capabilities.
    In 2011, DHS began to develop initiatives that could improve 
acquisition management by addressing long-standing challenges we have 
identified, such as funding instability and acquisition workforce 
shortfalls. DHS has made progress implementing some of the initiatives. 
As of August 2012, DHS chartered eight Centers of Excellence to bring 
together program managers, senior leadership staff, and subject matter 
experts, and created a Procurement Staffing Model to determine optimal 
numbers of personnel to properly award and administer contracts. 
However, implementation plans are still being developed, and DHS is 
still working to address critical issues, particularly capacity 
questions. Because of this, it is too early to determine whether the 
DHS initiatives will be effective, as we have previously established 
that agencies must sustain progress over time to address management 
challenges. DHS is also pursuing a tiered governance structure that 
would delegate major milestone decision authority to lower-level 
managers, but it must reduce risks and improve program outcomes before 
delegating this authority.\10\
---------------------------------------------------------------------------
    \10\ DHS implemented this tiered-governance structure for 14 
information technology programs in fiscal year 2011.
---------------------------------------------------------------------------
    In our report, we made five recommendations intended to improve 
investment management at DHS: (1) Modify DHS policy to better reflect 
key program management practices, (2) modify DHS policy to better 
reflect key portfolio management practices, (3) ensure acquisition 
programs fully comply with DHS acquisition policy by obtaining 
Department-level approval for key acquisition documents, (4) prioritize 
major acquisition programs Department-wide and account for anticipated 
resource constraints, and (5) document prerequisites for delegating 
major milestone decision authority. In commenting on our draft report, 
DHS concurred with all five of our recommendations, and identified 
specific actions they plan to take to address three of them. DHS stated 
that the remaining two recommendations--ensure acquisition programs 
comply with DHS acquisition policy, and document prerequisites for 
delegating major milestone decision authority--should be closed based 
on actions taken. However, it would be premature to do so because 
nearly all of DHS's major acquisition programs lack key acquisition 
documents and DHS did not provide documentation clearly establishing 
prerequisites for delegating major milestone decision authority.
    Chairman McCaul, Ranking Member Keating, and Members of the 
subcommittee, this concludes my prepared remarks. I would be happy to 
answer any questions that you may have.

    Mr. McCaul. I thank you, Mr. Hutton.
    The Chairman now recognizes Dr. Nayak.

STATEMENT OF NICK NAYAK, CHIEF PROCUREMENT OFFICER, DEPARTMENT 
                      OF HOMELAND SECURITY

    Mr. Nayak. Thank you, Chairman McCaul, Ranking Member 
Keating, and other distinguished Members of the subcommittee. 
Thank you for the opportunity to discuss DHS's on-going efforts 
to improve acquisition investment management.
    I am the DHS Chief Procurement Officer and a career public 
servant with 23 years of service in the procurement profession. 
With 9 days remaining in the fiscal year, this is the busiest 
time for my employees, and I want to wish each of them well as 
they buy things that protect our great Nation.
    I am pleased to be joined today by my colleagues, Mr. Mark 
Borkowski and Ms. Karen Shelton Waters, two of our 14 component 
acquisition executives who oversee programs within their 
respective components.
    I also wish to acknowledge Mr. John Hutton of the GAO. GAO 
has been a valued partner throughout my tenure at DHS and in 
public service.
    Our vision: About 24 months ago, without requesting 
additional resources, Under Secretary for Management Rafael 
Borras, in collaboration with all key DHS acquisition 
stakeholders, including myself, set in motion a number of 
initiatives to improve all phases of the acquisition life 
cycle. A primary goal of the initiatives, to establish an 
acquisition process that reduces duplication and saves money; 
and you get that done by minimizing program risk and improving 
program governance and execution.
    The under secretary first established and then elevated an 
organization called the Office of Program Accountability and 
Risk Management, known as PARM, to focus on these three 
objectives: Minimizing program risk, improving program 
governance, and improving program execution.
    In the area of minimizing program risk, it is through 
PARM's implementation of the Department's integrated strategy 
for high-risk management that we have more aggressively worked 
to reduce risk. For example, the Department has instituted one 
component of that strategy, the Integrated Investment Life 
Cycle Model, to strengthen the agency's governance of critical 
phases of the investment life cycle and thus moving toward a 
sound budget strategy that systematically prioritizes the 
Department's major investments.
    In the area of improving program governance, DHS has also 
established a new component acquisition executive structure, 
Revised Management Directive 102, and revamped the Acquisition 
Review Board process to ensure more active involvement of 
science and technology policy, the privacy office, and other 
key stakeholders.
    The new CAE structure is key because it establishes a more 
logical line of authority between the Department and our 
components. This allows for uniform implementation of policies, 
oversight, and decision making. As a result of this change, 
program managers cannot deviate from an approved strategy.
    In addition, the Decision Support Tool, a web-enabled 
business intelligence tool that enables us to identify programs 
that have deviated from pre-established cost and schedule and 
performance goals. In addition to that, a quarterly program 
accountability report also made available to all key 
acquisition stakeholders throughout the Department. So better 
business intelligence being provided and consistent information 
being provided to the entire program management community.
    In the area of improving program execution, as was 
mentioned previously, the Department has created--or identified 
eight Centers of Excellence. That will provide program 
management offices and front-line program managers with best 
practices, guidance, and expertise in such areas as 
requirements engineering, cost estimating and analysis, test 
and evaluation, enterprise architecture, and program 
management. Emphasizing continuous and early engagement with 
industry, a priority of mine for first-time-ever for a CPO in 
DHS, and that will additionally help us with requirements.
    In the area of strategic sourcing, we are basically getting 
a better deal for all the contracts that support our programs. 
We have increased the use of strategically-sourced contracts 
supporting our programs by 6 percent. Roughly about 26 percent 
or $2.8 of the $14 billion is passed through our strategically 
sourced contracts, saving us roughly about $200- to $300 
million a year and a billion dollars since our strategic 
sourcing program office was stood up.
    Finally, in the area of acquisition workforce management, 
we have completed a staffing model. You have got to kind of 
know how many people you need to carry out all of this 
acquisition that we are doing in DHS.
    First of all--and I would just remind everybody--that all 
of the initiatives that we have in flight now we have done 
without additional resources, by realigning what we have, but 
it is very clear in DHS acquisition that we need more 
resources.
    In conclusion, we have made progress in improving DHS 
acquisition and investment management. There is still work to 
be done. We look forward to our partnership with GAO and 
Members of this subcommittee as we collectively work to protect 
our Nation.
    Thank you again for the opportunity to testify, and I look 
forward to answering any questions.
    [The joint prepared statement of Mr. Nayak, Mr. Borkowski, 
and Ms. Waters follows:]
   Joint Prepared Statement of Nick Nayak, Mark Borkowski, and Karen 
                             Shelton Waters
                           September 21, 2012
    Chairman McCaul, Ranking Member Keating, and other distinguished 
Members of the subcommittee, I appreciate the opportunity to discuss 
the Department of Homeland Security's (DHS) on-going efforts to 
integrate all phases of our acquisition process, from the conceptual 
phase through execution. The acquisition management portfolio, which 
includes the planning, budgeting, procurement, and program management 
phases, represents nearly $18 billion of the Department's budget. 
Ensuring that it operates at peak efficiency is critical to our ability 
to defend the Nation.
    I wish to acknowledge the GAO, which has been a valued partner 
throughout my tenure. Their independent reviews have been insightful 
and have helped shape our strategy. I also wish to acknowledge my 
partners from CBP and TSA, who represent two of the seven Component 
Acquisition Executives (CAE) who are responsible for overseeing several 
of the Department's major acquisition programs. Mr. Borkowski and Ms. 
Shelton-Walters have been instrumental in solidifying the CAE structure 
and improving the quality of the program management discipline.
    I welcome the opportunity to update you on enhancements to the 
Department's acquisition management framework. We continue to improve 
the analysis and rigor for all phases of the acquisition life cycle. We 
are also using more accurate business intelligence and a more mature 
governance framework to analyze critical details before authorizing a 
program to proceed to the next phase of its life cycle.
                                 policy
    Over the past 3\1/2\ years, DHS has strengthened its policy for 
approving and managing acquisition programs. The second revision to 
Management Directive (MD) 102 is in the final stages of the approval 
process with the accompanying instruction and guidance to be developed 
over the next couple of years. This policy update will help clarify 
standards for all acquisition programs, improve the effectiveness of 
governance and ensure that cost, schedule, and performance metrics are 
more effectively monitored. As a result, the front-line program manager 
will have clearer, more uniform processes and standards to follow, 
which will improve efficiency and mitigate risk.
                               structure
    In addition to strengthening DHS's acquisition management policy, 
we are also reinforcing our support structure through the creation of 
acquisition and program management Centers of Excellence (COE), staffed 
by subject matter experts throughout the Department. The Office of 
Program Accountability and Risk Management (PARM) championed the 
formation of eight COEs, which provide Component program offices with 
best practices, guidance, and expertise in such functional domains as 
cost estimating and analysis; requirements engineering; test and 
evaluation; systems engineering; program management; accessibility; and 
privacy. In addition, as a result of this effort, DHS has developed 
guidebooks offering practical direction on such issues as acquisitions 
planning, requirements development and market research. This initiative 
addresses a GAO recommendation to enhance program management 
capability, integrate best practices across components, and proactively 
address program gaps before they become major issues. To date, the COEs 
have engaged with over 78 percent of the Department's major programs 
and we expect that all programs will access COE services in fiscal year 
2013.
                   more uniform governance framework
    As mentioned earlier, the new CAE structure establishes a more 
logical vertical line of authority between the Department and the 
components. This allows for uniform implementation of policies, 
oversight, and decision making. As a result of this change, program 
managers cannot deviate from an approved strategy unless they receive 
authorization from the designated decision authority. For major 
programs, designated in accordance with MD 102-01, this decision 
authority rests with the chairperson of the Acquisition Review Board 
(ARB). We have convened 120 ARBs since MD 102-01 was established.
    This uniform framework has been well-received by many components 
who had been seeking a more disciplined approach to program management 
and has resulted in better oversight and better performing programs. 
Since the governance framework was solidified, several high-risk 
programs have been directed to make adjustments before proceeding to 
the next Acquisition Decision Event (ADE).
    A number of components have flourished under this new framework and 
are considered models for others to follow. For example, CBP 
implemented a single Acquisition Policy and Process Guide; developed a 
governance structure that simplifies and reduces the number of 
redundant reviews; instituted a long-term, multi-year strategy for 
acquiring and supporting capabilities and developed a Program Analysis 
and Evaluation capability. Likewise, TSA has appointed an Assistant 
Administrator for Acquisition who serves as both the Head of the 
Contracting Activity and the CAE. This realignment provides improved 
efficiency by establishing a single authority that is accountable for 
program performance. Both the TSA and CBP CAEs work collaboratively 
with PARM to ensure the efficient execution of all major programs in 
accordance with DHS policy.
       enhancing business intelligence and acquisition management
    Through these enhancements, DHS is reducing risk by implementing 
improvements in its program management tools. The primary method of 
monitoring programs is through the Decision Support Tool (DST) became 
operational in October 2011. The DST is a web-enabled business 
intelligence tool that provides a central dashboard for assessing and 
tracking the health of major acquisition programs, including key 
indicators such as cost, funding, and schedule. The DST has yielded 
dividends by identifying programs that have deviated from pre-
established cost and schedule performance goals, which are generally 
recognized indicators that predict the probability for success. In 
addition, the Department recently piloted Joint Functional Portfolio 
Reviews to aid in business, financial, and programmatic decision-making 
across the acquisition life cycle.
                               conclusion
    While work remains, the Department has made significant strides in 
improving acquisition management for the Department's portfolio of 
major programs. DHS has worked diligently to improve its acquisition 
processes while shifting the decision-making paradigm to the use of 
more empirical evidence and support programs throughout their life 
cycle. These efforts have produced more effective governance and 
significant improvements to current and future acquisitions. Thank you 
again for the opportunity to appear before you and I look forward to 
your questions.

    Mr. McCaul. Thank you, Dr. Nayak.
    The Chairman now recognizes Mr. Borkowski for his 
testimony.

STATEMENT OF MARK BORKOWSKI, ASSISTANT COMMISSIONER, OFFICE OF 
   TECHNOLOGY INNOVATION AND ACQUISITION, CUSTOMS AND BORDER 
          PROTECTION, DEPARTMENT OF HOMELAND SECURITY

    Mr. Borkowski. Good morning, Chairman McCaul, Ranking 
Member Keating. I appreciate the opportunity to be here and 
talk to you about how we see acquisition management and its 
trending as we go into the next couple of years.
    We have discussed a lot about initiatives and specific 
initiatives. One of the things I would like to focus on a 
little bit as I get started here is the context of those 
initiatives, because I think that is very important. They are 
not a loose connection of things that people made up. There is 
actually sort of a holistic approach to a problem that those 
represent attacks on. So I would like to focus on a couple of 
the areas that occur to me as I look at our acquisition 
programs and talk about how these initiatives support this 
holistic sense.
    First of all, when you come into a program like we have 
come into, you have to struggle with a balance between past, 
present, and future; and what I mean about that is many of the 
programs that you cited, many of the programs that we are 
dealing with were, frankly, established in the absence of 
discipline. They were established with heroics and energy and 
commitment but not necessarily with supporting infrastructure, 
processes, tools, and skills. As I am sure we all know, if you 
move quickly on the wrong path, you get to a bad place faster. 
So, frankly, a lot of what we are dealing with is the how do I 
get out from under that bad place?
    But we don't want to forget as we do that that we don't 
want to be in that same bad place in 2 or 3 years. So I think 
it is important to understand that these initiatives are 
focused on two things. One is, how do we deal with the fact 
that we are in a bad place? But, also, how do we make sure that 
my successor doesn't have the sleepless nights and the 
headaches that I am having so that they are not in a bad place 
in the future? We shouldn't forget about that as we go forward.
    You mentioned SBInet. We were in a bad place. Sometimes 
being in a bad place requires stopping and starting again from 
scratch. Other times, it requires less drastic measures, but we 
are working through that. These initiatives are designed to 
help us with both the bad place and making sure we are not 
there in the future.
    The second thing I think is important to discuss is risk 
management, and that term has been used several times already 
in this hearing.
    First, I think it is important to understand there is a 
very specific definition of risk management. We use the term 
very loosely, but in my business there is a well-understood, 
well-established definition, and the definition of risk is the 
combination of the likelihood that something bad will happen 
and the severity of the consequence of it if it does. So if you 
have a low probability of something bad happening, and even if 
it does happen it doesn't matter, that is low-risk. If you have 
a high probability of something bad happen, and if it does it 
will be really bad, that is high-risk. Then you have got this 
kind of in-between, tough-to-handle area where you have a high 
probability of something but it is not a big deal or a low 
probability. So that is risk management.
    I go through that because what is important to me is to 
remember that there is no such thing as a program with no risk. 
We don't have the resources to have no risk. So acquisition and 
program management is all about identifying, quantifying, and 
deciding as a community what risks are reasonable, and 
understanding that, even if that decision is rational, we may 
still lose the bet. We might say it was reasonable, and we need 
to reward prudent risk-taking.
    Part of the problem we have had in the past is that we have 
taken risks without knowing that they were risks, without 
transparency between the components and the Department and 
Congress about we all agree that that is a reasonable risk to 
take. Many of the initiatives and tools we are talking about 
are tools that help us make sure we all understand the risks, 
we are transparent about the risks, and we can reinforce the 
program managers who we have asked to take those risks as they 
proceed.
    The third thing I think that is important in context is the 
role of the program manager. This is the person who is actually 
on the point. We are a support structure to program managers. 
But, ultimately, programs will succeed or fail based on the 
skill, competence, talent of the program managers.
    Many of our initiatives are designed for us to grow program 
managers. Because, frankly, we have asked many people to 
perform in this role who we have not given the tools and the 
support to perform. That is clearly on us. Many of the 
initiatives that we have talked about here are focused on 
helping strengthen the program manager, either by developing 
training or by reinforcing them with access to things like 
Centers of Excellence and other executives who can support 
them.
    So those are kind of three big contextual issues under 
which I think it is important to evaluate this portfolio of 
initiatives.
    From the perspective of CBP and the portfolio I have, we 
have valued and benefited from these initiatives as we have 
gone forward. We have augmented them with our own initiatives. 
We believe that they give us a much brighter future, and we 
appreciate the committee's support as we deal with the bad 
stuff that we are trying to dig out from under at the same 
time.
    So I look forward to the committee's questions, and I 
appreciate the opportunity to be here.
    Mr. McCaul. Thank you, Mr. Borkowski. We certainly 
recognize you didn't create all these problems that I 
identified. I appreciate your insight and expertise to resolve 
these problems. It is very important not only to the Congress 
and the DHS but to the American people.
    Ms. Waters, you are now recognized for your testimony.

  STATEMENT OF KAREN SHELTON WATERS, ASSISTANT ADMINISTRATOR, 
OFFICE OF ACQUISITION, TRANSPORTATION SECURITY ADMINISTRATION, 
                DEPARTMENT OF HOMELAND SECURITY

    Ms. Waters. Good morning, Chairman McCaul, Ranking Member 
Keating, and distinguished Members of the subcommittee. Thank 
you for the opportunity to appear before you today.
    As you may know, the Transportation Security 
Administration's Office of Acquisition is headquartered in 
Arlington, Virginia. OA is a mission-focused adviser for 
planning and managing TSA's acquisition programs and 
procurements, and our portfolio includes 34 designated 
acquisition programs. In addition, we manage the acquisition 
workforce and we provide day-to-day support to TSA's 
acquisition program managers for a wide range of critical 
acquisition-related processes. I serve as the assistant 
administrator for acquisition, and I function as the head of 
the contracting activity, or HCA, as well as the component 
acquisition executive, or CAE.
    Our acquisition portfolio includes six level 1, five level 
2, and 23 level 3 programs. Level 1 programs consist of life-
cycle costs in excess of $1 billion, level 2 in excess of $300 
million, and level 3 programs are budgeted at $300 million or 
less.
    Among TSA's level 1 programs are the passenger screening 
program Secure Flight and our electronic baggage screening 
program. Two examples of level 2 programs include the National 
Canine Program and the Security Technology Integrated Program.
    The office assists program managers in developing 
acquisition strategy and program planning. This assistance is 
delivered through services such as assisting in preparation and 
review of acquisition documents, including acquisition plans, 
mission need statements, operational requirements documents, 
analysis of alternatives, and life-cycle cost estimates, to 
name a few.
    Our office operates a training program for TSA program 
managers and staff, covering topics such as acquisition 
planning, source selection, risk management, writing of 
statements of work, and logistics. We provide program offices 
in acquisition functional areas of program management, 
requirements development life-cycle cost estimating, test 
evaluation, systems engineering, acquisition planning, and 
certain procurement-specific areas. We also staff a small 
business office that promotes initiatives to maximize the use 
of small and disadvantaged businesses to meet TSA's needs.
    My responsibilities include ensuring programs throughout 
the organization follow GHS and TSA acquisition policy. We use 
a program scorecard to assess programs in terms of cost, 
schedule, technical performance, planning, execution, and risk. 
In addition, we conduct quarterly assessments of TSA's 
acquisition programs, which are presented to senior leadership.
    For each of our level 3 programs, decisions occur at TSA's 
acquisition review boards, or ARB, which are attended by 
assistant administrators or their representatives from across 
TSA. By centralizing CAE and HCA functions with the Office of 
Acquisition, TSA receives the benefits of enhanced 
collaboration, integration, and reconciliation in supporting 
its acquisition programs. I maintain a collaborative 
relationship and coordinate with my counterparts at DHS 
regularly. Our offices use similar and sometimes shared 
databases and systems to monitor and manage the acquisition 
performance.
    The Aviation and Transportation Security Act, or ASTA, 
provides TSA with statutory authority to enter into and perform 
such contracts, leases, cooperative agreements or other 
transactions as may be necessary to carry out the functions of 
the administrator and the administration. Other transaction 
agreements establish a set of legally enforceable promises 
between TSA and the recipients; and OTA is not a procurement 
contract, grant, cooperative agreement, lease, or loan.
    TSA uses OTAs in many instances, such as for the advanced 
surveillance program that provides Federal dollars to airports 
to install closed-circuit cameras to monitor sensitive areas 
and the electronic baggage screening program that funds 
airports' facility modifications to accommodate checked baggage 
and section systems.
    The TSA Office of Acquisition is committed to developing, 
implementing, and reporting acquisition metrics that coincide 
with TSA's mission and vision that are timely, realistic, and 
accurate, and that will drive informed and effective decision 
making by TSA leadership and management. Thank you again for 
the opportunity to appear before you today. I look forward to 
answering any questions you may have.
    Mr. McCaul. Thank you, Ms. Waters.
    Mr. Hutton, I just want to thank you for your excellent 
report and work identifying the problems and trying to identify 
solutions to those problems.
    I remember I used to think that the Secretary of Homeland 
Security should be somebody with like our background, a 
prosecutor, law-enforcement type. Then I thought, no, maybe a 
general, like some military guy that could really run a tight 
ship, you know, would be perfect for that job. But more and 
more I am starting to think that what we really need is a 
business leader at the top, somebody that, when I look at the 
problems of DHS and how to fix DHS, so many of these issues are 
management-related more than anything, acquisition-related or 
management.
    I will leave that for the next President, whoever that is, 
to make that decision. But, you know, I think like Steve Jobs, 
who was just brilliant in terms of business, if he was looking 
at his latest version of the iPhone and suddenly it cost 200 
percent more than they thought or he had cost overruns or it 
was delayed, they were going to announce it was going to come 
out in September but it didn't come out until like 2 years 
later, you know, in the private sector this just wouldn't--and 
I understand this is a different animal than the private 
sector, but that would not fly in the private sector. There 
were these 2008 guidelines I think DHS, you know, put forward 
which were good--and I think you identified that, Mr. Hutton, 
in your report--and yet the Department doesn't follow it, for 
some reason.
    So, Mr. Hutton, let me just go to you first. If you could 
just tell me what you--if you could just simply identify what 
you perceive to be the problem, what you would also put forward 
as the fix to this problem.
    Mr. Hutton. Thank you, Chairman. There is a number of 
points I think I could make on this.
    One, you referenced the private sector and what would the 
private sector do. The thing I would point out is that a lot of 
the processes and the steps and the decision points that you 
will see in the current directive is really based on commercial 
practices, and it is all about also managing risk. The private 
sector will at the early stages decide what kind of portfolio 
of projects they might want to take on, and they may have 
varying risks, but they have constant revisiting at early 
decision points: What do we know about these risks? What is it 
going to cost? You kind of winnow down over time what they 
think is executable and what is going to help the bottom line 
of the company. But it is based on knowledge, it is based on 
stakeholder involvement, that could be the chief financial 
officer, business people.
    So the process is set, and you are asking about the 
execution. The way I see it, that 2008 directive was a real 
important first step, and I say that because some of these 
requirements were, in fact, in place before 2008. They required 
a lot of this knowledge-based approach. In fact, we issued a 
report in 2005 that said even what they had in place then 
resembled the knowledge-based approach largely, and it was all 
about execution.
    I think why I say 2008 was important, because what they did 
was try to come up with a common lane which would explain what 
they want the components to do and how to do it, and they 
worked very closely with the different components to adjudicate 
a lot of comments, get a lot of understanding, a lot of 
conversations, and so it ended with that particular directive. 
But I think that was a real important step, because now 
everybody is talking a common language and I think should have 
a good understanding of what the requirements are.
    Why is it not being implemented? I would say largely there 
were some capacity issues. I believe around the 2008 time frame 
you had the Acquisition Program Management Division and the 
cost--they set up the Cost Analysis Division. I think you might 
have looked around, 8 people, 9 people. I believe 4 years later 
they are up in the stages of shooting towards roughly 55, and 
these are folks that are going to help manage the process 
through the Department, help provide cost-estimating support.
    So I think capacity was one part of it, but I also think it 
is leadership and having someone at the USM's level that will 
drive the process and insist on adhering to the governance 
process, and I think our work has shown that since January we 
are hearing more and more of the desire to do that.
    Mr. McCaul. It is good news. Just, you know, 4 years later 
now suddenly the light bulb is on that, gee, we had a solution 
to this that was set forth in a directive 4 years ago, and now 
we are thinking about implementing it. But it has been 4 years.
    So I guess to the other witnesses--and I know, Ms. Waters, 
you just came on board in March, so it may be unfair to pick on 
you. But, Dr. Nayak, can you speak to why this has not been 
implemented and why it has taken 4 years to finally get this 
idea that, gee, we came up with the solution 4 years ago that 
may work, and now we are just finally starting to implement 
them?
    Mr. Nayak. So happy to add to what Mr. Hutton shared.
    You know, look, I have been here for a little bit less than 
2 years and I think Mark a little bit more than that and, 
obviously, Karen is new to her role. So it could possibly be if 
we used 4 years as the marker for that transition, you need 
steady leadership over time, and we have had it, and now we do 
actually have the results, as Mr. Hutton shared.
    A couple things I just generally want to share with you 
sort of on a positive note and all under the heading of 
acquisition, generally speaking.
    GAO recently issued in this month, I believe, a report on 
management integration, one on procurement oversight at the 
Department, as well as this report that we are discussing 
today. Lots of positive news in the management integration 
report about the things we are actually doing, the things we 
are executing against that 2008 directive that we have revised. 
Procurement oversight I think was one of the better GAO reports 
I have ever seen, and that is really in my wheelhouse we have 
enhanced procurement oversight.
    In investment management in this report, we recognize, as 
Mr. Borkowski pointed out, there is clean-up to be done, and we 
are doing that. So we have been living it for the last 2 years.
    It kind of starts out with the Integrated Investment Life 
Cycle, which essentially is going to have at the front end like 
a joint requirements body fed by sort of functional information 
that cuts across the components so that in the front end of 
acquisition we are going to be discussing commonalities and 
what major requirements should actually become programs 
eventually after looking across the enterprise of what we 
already have as well as even what other agencies have and DOD 
has. So you won't ever get programs birthed without being fully 
informed. That is the first thing.
    But on the back end, where we have lots of clean-up to do 
in the acquisition review sort of world and our more than 500 
programs, 127 major programs and what we classify as level 1 
and level 2, about 40 of each of those, we have lots of things 
in flight and are actually getting results.
    So just, for instance, because it has been mentioned here, 
do we have enough credible cost estimates? Well, we didn't in 
the past. Is it increasing? The answer is yes. Do programs go 
through ARBs and are they ever delayed? Are they ever stopped? 
The answer is yes.
    So we are forcing, first of all, a common language so 
everybody across the Department now is informed about program 
information, the same information through the DST, through the 
quarterly program acquisition report, and also Congress is 
through our comprehensive acquisition status report. We are 
more transparent than ever about everything that is going on 
with our programs.
    Meanwhile, we double back behind to do the clean-up work 
while also making sure no program gets birthed unless it goes 
through this Integrated Investment Life Cycle.
    So I am pretty confident that moving forward that we need 
time to just execution, and we are doing it today. So it is not 
like we are saying we need 2 years to begin execution; we are 
executing right now.
    Mr. McCaul. I think that is the good news. The bad news is 
you are still on GAO's high-risk list, despite all this good 
news.
    Mr. Borkowski.
    Mr. Borkowski. Yes, I would just like to also highlight 
there is a difference between knowledge management and 
documentation. See, that is part of the challenge here, right?
    So you mentioned STAMP. STAMP, we believe, has the 
knowledge management, but it is not documented in the 
appropriate format. So the question we have--and this is part 
of that balancing past and future--do we go back and capture 
that knowledge management in the now current formats or do we 
accept that the knowledge management is complete?
    Another I think that you might find intriguing is that, in 
the case of SBInet, that scored very highly in terms of the 
documentation complete, and yet we know what the status of that 
was.
    So as we do that balancing between past and future, it is 
very important we get in a common language. Because one of the 
problems that the Department has with STAMP is, okay, we have 
to spend all of this time confirming knowledge management. If 
we had had it in the right format, that would have been nearly 
the lift it is. But I think that is important as we look at 
digging out as opposed to going forward. It is very important 
to have a common language, but let's not confuse knowledge 
management with documentation.
    Mr. McCaul. Ms. Waters, do you have any remarks?
    Ms. Waters. No, thank you.
    Mr. McCaul. Okay, you are very smart.
    Mr. Hutton, it is my understanding that, in terms of 
procurement or acquisition, that it is still very siloed within 
the Department in terms of the 22 different components coming 
together. They are not really brought together; is that 
correct?
    Mr. Hutton. Well, if you take it from the point of view of 
program management and the large acquisitions, I would say that 
they are breaking down some of those silos. Because what they 
have done is the program accountability and risk management 
group, they moved it up under the under secretary of 
management, and they now--and then they established a component 
acquisition executive. So now you have a link between the 
Department-level governance process and the component level to 
work together to ensure that the Department's requirements are 
being met, and then folks like Mr. Borkowski will work within 
the component so that when they are going to an investment 
review meeting that through his great work he is going to 
ensure that they do have the knowledge and they do have it 
properly documented.
    I will just say, documentation is important, though, 
because it has to go forward for the Department. The Department 
is buying off on these large investments, many of them that are 
going to cost--you know, go out 20 years, cost billions of 
dollars, and you have to know when you are approving those 
programs at the start that you are making that commitment. 
Because if you don't know that, you may end up at a point in 
time where you start managing so many programs and the budget 
is forcing decisions where you start adding this funding 
instability and other things that we talk about which then 
starts creating problems for the program managers to be able to 
execute their program. So I think the documentation provides 
that added buy-in from the Department but it also facilitates 
some accountability as well.
    Mr. McCaul. Yeah, I think you make a good point. I mean, I 
can see how, you know, somebody in the Department is like, I 
have got all this paperwork I have got to do, and they think it 
is kind of cumbersome, burdensome, and not necessary. But when 
you are talking about particularly these level 1 programs, they 
are billions of dollars, and in the private sector I think that 
they would certainly have, you know, I think paperwork that 
would have to be completed.
    So from what I am hearing from you, though, these silos are 
not--there is a merger now in terms of acquisition policies is 
what you are saying that is happening?
    Mr. Hutton. Well, from my view, now there is more 
communication. I think there is better understanding. In our 
survey--and I would recommend everyone take a look at our 
survey in the back of the report. It was an outstanding survey. 
The 77 major program offices that we surveyed had a 92 percent 
response rate, but there are a whole bunch of questions in 
there that give a reflection of the program manager's view, the 
program office's view of their initiatives that they are 
undertaking now, what they think about PARM's role. PARM 
actually got--and I am not saying that as I am surprised--but 
they actually got some pretty high scores in terms of 
familiarity with what PARM is doing and also what value they 
think PARM is bringing to the programs. This is fairly recent, 
and that is why I think our survey was really like a health 
assessment.
    Dr. Nayak has a nice health assessment for his 
procurements. But if people go into that survey, there is a lot 
of questions that aren't really teased out in the report, but 
it is going to give you a good insight of what the ones that 
are on the ground trying to make these programs work, what they 
think about the Department's requirements, the Department's 
initiatives, and things like that.
    That said, I do want to make one point, though, sir.
    In January 2011 is when we kind of started really working, 
you know, back and forth for the Department in their efforts to 
get off the high-risk. We submitted five outcomes to the 
Department in the acquisition management area back in 
September, 2010.
    January, 2011, the Department came out with a strategy to 
get off the high-risk which includes acquisition management. 
That strategy was about 55 pages, and we had some feedback to 
the Department where we thought that strategy could be 
improved.
    They have had subsequent 6-month period strategies. They 
are now at a strategy--not saying more pages is better--but 
they are at about almost 300 pages in their current strategy, 
but they are starting to better link the outcomes that we 
expect them to take as to the root causes of why they haven't 
done it in the past. So I think that back and forth has helped 
a lot in promoting this.
    But one of the major features is its Integrated Investment 
Life Cycle Model. That was introduced in January, 2011. What is 
a little concerning to me is that when we surveyed the program 
offices 32 of the 47 of the program offices--and this was a 
response in January, March of this year--said that they really 
weren't too familiar with it yet. So I think if you are going 
to drive this down through the organization I think it is 
imperative that they keep talking and communicating.
    Yes, it is not fully developed yet. They are working 
through a lot of different things. We are open-minded about the 
approach they are taking. We want to see it play out. It is 
their solution. But we think communications with the components 
and constant interaction will help create a better likelihood 
of a good outcome in that effort.
    Mr. McCaul. It is an actual point that they still remain on 
the high-risk list. Are you optimistic that DHS will be off 
that list in the future, near future?
    Mr. Hutton. Sir, for context, DOD has been on the high-risk 
list for acquisition since 1992, the Department since 2005. We 
are talking--as Dr. Borkowski said, these are very complex 
systems. It is a lot of money. It is a lot of inherent risks.
    You take it back to the need to go through a knowledge-
based approach. You are not going to get perfection. Even with 
the best knowledge-based approach, it comes down to individual 
decisions you make at each point in time along the way.
    So I would say that given the fact that they have so many 
programs without a lot of the foundational documents that is 
going to allow them to have the insight to make those good 
decisions, given that they have to get those developed and also 
approved by the Department so they know what they are buying 
and what capability they are buying.
    Mr. McCaul. I appreciate your kind of relationship in view 
of this. It is like a diagnostic test, almost like a doctor 
would make an analysis on your health. You are not doing quite 
as well, so you are on the high-risk list, but here is how you 
can get off of it. I think that kind of relationship working 
together is the productive way to move forward and get off the 
list, and hopefully I can share in your optimism at some point 
that they will be off the list.
    Last point, because I am taking a lot of time, but I can, I 
guess. It is just the two of us.
    Mr. Borkowski, I can't let you go without asking you about 
one of my favorite issues, and that is border technology. You 
and I went down there and looked at some DOD assets technology; 
and I still think, given these budgetary constraints we live 
in, that--and Mr. Cuellar and I talked to the generals in 
Afghanistan and Iraq about transferring some of this technology 
and leveraging existing technology within the Federal 
Government that we have already invested R&D money into. It is 
nothing. You don't have to recreate this stuff.
    I know you have some good news on that front, but I want to 
give you an opportunity to maybe talk a little bit about that 
issue in terms of what you are leveraging and where do we stand 
at this point in time with respect to the border and the 
technology initiative?
    Mr. Borkowski. Well, very quickly, we have built a much 
stronger real-time relationship with various elements of the 
Department of Defense that are helping us through this. So we 
are aware of the availability of all kinds of technologies, 
everything from nonintrusive inspection systems to aerostats to 
hand-held--you know, long-range night-imaging information.
    We have received a whole inventory of those things. I have 
sent teams out to Army depots to survey what is in that 
inventory and prepare to perhaps lay some claim to some of 
those things.
    For some of the systems, in particular aerostats and the 
towers that support them, we have actually worked with the 
Department of Defense to evaluate those systems on the Texas 
border in August. We actually had two aerostats and two towers. 
What we find, by the way, is that these things are very 
effective systems.
    What we are evaluating is what do they actually cost for 
us, what do we have to do to train our people. We want to make 
sure that we don't go into this without complete knowledge.
    Again, it is knowledge-based. We don't want to do the 
SBInet thing with the DOD technology. We want to make very 
clear that as we go into using this technology we are aware of 
what the complete bill will be. I will tell you that, 
particularly for those aerostats, very effective.
    So we are in the process of evaluating those results, 
making some trades with cost, looking at the inventory of 
things that the Department of Defense has that are oftentimes 
more modest things.
    In fact, the relationship is such that the Department of 
Defense--the Pentagon is a couple of blocks from my office--has 
actually left some of these things in my storage room so that 
we can actually try them out that way. So I think the 
relationship is getting better.
    I do want to be a little cautious. We do need to do some 
cost evaluation to make sure we can actually afford them, but 
it looks very promising.
    Mr. McCaul. That is good to hear.
    I got a phone call from Commissioner Aguilar actually 
updating me on the aerostat program, and specifically in Texas, 
and I just actually want to say how much I appreciate getting 
that phone call. I thought that was a real positive step to 
say, hey, here is some good news of what we are doing on the 
border.
    Are we still looking at--yeah, I think the fence is up, you 
have got more personnel, we can always use more resources. But 
when I hear it is going to take 10 more years to secure the 
border, that just didn't go over well with my constituents. 
Where are we right now?
    Mr. Borkowski. Well, with the Arizona----
    First of all, the DOD systems--the DOD systems, the way 
that we are currently looking at them, they give us an 
opportunity to put some deployments, a shot in the arm in areas 
that the Arizona deployment doesn't cover, right? So we are 
still planning to do the Arizona deployment, but, as you 
recall, the rest of the border was intended to follow that. We 
reserve the option working with you to change that.
    We are seeing things, for example, going on in southern 
Texas that concern us, but, right now, the plan is to buy the 
things for Arizona and then extend beyond that. So one 
advantage of this DOD interaction is it may give us systems 
outside of Arizona more quickly than we thought.
    Having said that, the Arizona plan itself, many of the 
smaller systems have been bought. Those agent portable 
surveillance systems which we went and looked at down in 
Laredo, we have 15 of those in Arizona. We have been using 
them, continue to evaluate them. Mobile surveillance systems 
are coming on-line. We have been doing some testing with the 
vendors, but that is about done. Those will come on-line.
    The two big items that people spend time on are the remote 
video surveillance system cameras--those are day and night 
cameras that go on towers--and the integrated fixed towers, 
which are cameras and radars tied together in areas. Both of 
those are in what we know as source selection. We have sent out 
requests to industry for proposals. The bids have come back in. 
The remote video surveillance system is coming close to the end 
of that process. We have to evaluate those.
    The integrated fixed towers will take a while. Now there is 
a good news/bad news to that. We got so many more proposals for 
that than I have ever seen in my life, and it takes a long time 
to do due diligence with those proposals.
    So I am very, very pleased by the number of proposals that 
we have got because that suggests that all the communication we 
did with industry on--it is nondevelopmental. It doesn't have 
to do everything. If it does a lot and it is a good deal, that 
is good enough. It seems like that worked. The downside of that 
is I have just got to slog through all of those proposals. But 
we do have the proposals in. We are in the source selection 
process for those.
    Mr. McCaul. I do think those integrated fixed towers are 
really going to transform the security down there on the 
border.
    I agree. I mean, I sort of empathize with your situation 
where we are pressuring you to get this done as quickly as 
possible, and then we are pointing the finger at procurement 
acquisition failures and that sort of thing. So you have got a 
lot of proposals coming in, and you have got to weigh them and 
make sure you are making the right decision.
    I would appreciate it if you would update me personally and 
I think the committee as a whole because, you know, we get 
asked about this issue a lot when we go back home. I think if I 
can give my constituents and others on the committee a more 
positive outlook that that would be good.
    Because I think the current impression with a lot of the 
American people is that there is no security at all down there. 
That is, in fact, not the case. You and I know that. But the 
more updates you can give me, the more I can be a messenger 
that we are actually moving forward. So I would appreciate 
that.
    With that, I now recognize the Ranking Member.
    Mr. Keating. Thank you, Mr. Chairman.
    Mr. Hutton, in your remarks, you mentioned one of the 
difficulties being funding instability. Do you want to give me 
some more detail about exactly what you meant with that?
    Mr. Hutton. Sure. One of our questions in the survey was to 
have the program offices point out what the challenges were in 
executing their programs. Funding instability was one of the 
big ones, and we asked them to provide a sense of what are the 
various reasons for the funding instability?
    Just to give you an example--and I have seen this in the 
context of some of the Coast Guard programs that I am 
responsible for--is that you may get funding instability in the 
out-years for your particular program because of another 
program's funding needs. So what happens with--every year, as 
they go through the budget and each of the program offices, if 
they don't have an acquisition program baseline, hopefully they 
will get one, but also a good sense of their cost estimates. 
There is a certain outyear funding flow of what they expect 
that they are going to get and how much they are going to get 
in that year so they can plan their acquisition, execute their 
acquisition.
    But if you are making like budget decisions every year and 
you are trying to make the numbers fit, sometimes there are 
some programs that won't be able to execute aspects or buy a 
particular asset in that particular year. So what might be 
happening in another program--say even within a component--may 
affect another program. But that was the largest reason that 
was given for decreased out-year funding.
    Several other things might involve--the actual life-cycle 
cost estimate at the start didn't really affect the true costs. 
So there we get back the knowledge. When you are going through 
the process, you want to--and it is not easy to come up with 
one early on. But you want to keep looking at it, keep refining 
it. But if you aren't starting with a good, complete life-cycle 
cost estimate, it is hard to have that prediction going through 
the execution.
    Don't forget, when the Department is deciding they are 
going to go ahead with an investment, they will be looking at 
things like, what are we getting? What capability gap is it 
going to fill? What kind of capability are we going to get? How 
much is it going to cost?
    If that is not firmly established and you don't have 
solid--as best you can at that point in time--good estimates, 
then who knows what is going to happen over the course of the 
development of that program? Because you have, as we do in the 
Department here, at least 70, 80 more major acquisitions that 
are all trying to execute their program. As we know, they are 
precious dollars.
    The Department's budget for procurement has roughly 
doubled, I think, since 2004, 2005. Well, I don't know what is 
the future for the Department, but I am not sure we would all 
take a bet on doubling it again for the next 5 years, given the 
current situation. So that is a concern from the standpoint of 
if you don't have good insights on your costs right now--and 
the Department is really trying to get a handle on that--it 
really raises questions in my mind at some point, do we have a 
good handle on all the programs we are buying? Are they even 
all collectively affordable? Once you start stretching out 
programs because of affordability, that naturally one-one 
consequence might be further cost growth.
    Mr. Keating. When they are deciding, did they do it in that 
risk-assessment-type format that they are going to have to pick 
within internal areas? Because----
    Mr. Hutton. Well, you are pointing to a very good point, 
and maybe Mr. Borkowski might be able to talk with more detail 
of what happens within a component.
    But I think that is one of the issues that we pointed out 
in our 2008 report and we continue to point out. That is why 
you need this information. Within a component, they might be 
able to have a good understanding of kind of their different 
programs, but who at the Department level in the absence of 
information is going to really be able to play off all of these 
different acquisitions that are trying to affect a capability 
gap in all these different missions? In the absence of that 
information, I am not sure how well you can make those kinds of 
good trade-offs. So I think you are pointing to one of the 
biggest challenges.
    One thing that the Department is working on with their 
Integrated Investment Life Cycle is how to match the individual 
decisions we are making at program levels to the broader 
Department needs and how they are addressing their overall 
capability gaps.
    Mr. Keating. Did you want to comment on that, Mr. 
Borkowski?
    Mr. Borkowski. Certainly, sir.
    When we go to--and this is why the Integrated Life Cycle 
Management is so important. Because when we go to a--and the 
development of that and the maturation and rhythm of it. When 
we go to a decision about allowing an acquisition to proceed, 
we look at what we think that acquisition will cost and we look 
at projections of the budget in the out-years, and we make 
decisions based on that point in time.
    After that decision is made, those budget assumptions 
change. There is not something in the acquisition decision 
process that forces a reconsideration of the decision based on 
that. It is at this point very much dependent on program 
managers who, by the way, we still need to train.
    So the Department response to that is to establish this 
integrated life-cycle management so that budget decisions are 
linked--they are not handled independently and the interactions 
between them are considered. We are not all the way there yet. 
But that is one of the reasons we need that initiative.
    In the mean time, all that I can do as a CAE is watch the 
program managers and make sure that as I identify those issues, 
that I raise them as appropriate. For example, we are about to 
do that with the integrated fixed towers. There are budget 
changes since we approved that program. We will bring that back 
to the Department.
    Mr. Keating. Great.
    Mr. Nayak--it is interesting, Mr. Nayak said he was going 
to move to Massachusetts, not Texas.
    Mr. Nayak. I was born in Massachusetts.
    Mr. Keating. Mr. Nayak, you mentioned, too, the need for 
resources in procurement itself. Do you want to be specific on 
that so I know exactly what you mean?
    Mr. Nayak. Yes. So a little bit less than 2 years ago, I 
arrived at the Department. One of the first things you want to 
get your hands around is, okay, what is in the contracting 
workforce? Well, at DHS, it is about 1,453 contracting people, 
and they are holding up $14 billion worth of contracts, 100,000 
contract actions.
    Just a little bit more about the environment. The 
predominance of buying happens in the second half of the fiscal 
year. It is a tremendous lift for that many people. So we have 
set in motion an initiative to create a staffing model using 
workload data to see how many contracting people--and 
contracting being one sliver of the acquisition workforce. We 
have spent a lot of this hearing talking about the program 
management side of acquisition. In any event, the model shows 
us that--and very clearly shows us that we do need more 
resources to get done what we are doing.
    At the same time, look, we understand the fiscal 
environment. We understand where it possibly could go to. What 
are we doing within our lane even though we are armed with this 
information and would work with the committee and everybody 
else to one day possibly get more resources?
    We just have a very clear way of leading in procurement. I 
have summarized it in a first-ever strategic plan where I have 
four priorities for all of the 1,453 contracting employees, and 
it has been communicated very clearly. Mr. Hutton alluded to 
it. It basically is this:
    Quality people. You have got to have good contracting 
people.
    Quality contracting. There is basically everything but the 
kitchen sink that we have to perform while we are trying to get 
a good deal for the American taxpayer. You had mentioned small 
business, strategic sourcing, buying green. There is just a 
number of other things that we have to measure.
    Quality program support. We are not in the business of just 
contracting at DHS. We are contracting support programs that 
protect the country.
    The last one is effective engagement with industry. If we 
are spending $14 billion, we need to engage industry early and 
often and even outside of the procurement process.
    I have four priorities, 30 initiatives, 66 metrics to 
actually see how we are doing in the contracting lane from year 
to year. I would be happy to share more of that with you. But, 
with respect to staffing, we know we need more people, and we 
have the data to prove it.
    Mr. Keating. This is a thought: People I have talked to in 
the private sector are talking a lot about using the Cloud and 
being able to be to communicate almost real-time, almost the 
way they are with social networking. Only it would seem to me, 
with so many programs and so many managers, that that kind of 
technology would be very cost-effective and effective at 
dealing with it, rather than waiting for a GAO report every 
couple of years or that kind of oversight. Something that is 
more live-time. Something that can be integrated that way. Is 
that something that you are considering?
    Because it is much more cost-effective, but it also has the 
ability to have everyone communicating with each other, so you 
know which programs might be having a problem and you can 
move--you are not waiting until, you know, periods of fiscal 
instability. You are not waiting for this. Are you considering 
that kind of technology?
    Mr. Nayak. Yeah. Thank you for the question, and I would 
love to explore it a little bit more with you to get a better 
understanding of what you are sharing.
    Certainly we are using social technology in a number of 
areas, all of us are, for specific reasons. If I think I am 
understanding your point, it would be to make sure that we all 
have the same information. If, in fact, that is the point, we 
almost have the tools now to do that. I am a big fan of it.
    I love the fact that, for the first time ever, I think we 
can, in the Department, with respect to our programs, be very 
transparent with Congress, with OMB, with our components, and 
at a Departmental level, because we know we are all in this 
together. So I would love to explore that a little further.
    Mr. Keating. Because I think that, as Mr. Borkowski was 
mentioning, too, don't be afraid of scrapping a program or 
going back to point one. Well, why wait that far down the 
continuum to make the decision? If you are communicating all 
the way through, you may not have to wait until that point to 
say, I will have to start this from the beginning. You will go 
at an earlier stage and can manage your resources. That was the 
thought behind that.
    Mr. Borkowski, on a human sense, we have had other hearings 
in our committee. One of the recurrent themes that we have had 
you have touched upon a little bit and that is the idea of 
preparing successors. You know, there seems, from the personnel 
standpoint, such a movement of people. You are dealing with 
program--you know, people looking at programming. One of the 
things you mentioned is the difficulty with those people and 
their training. What can be done?
    You know, in terms of changing the climate, I get a sense 
that that climate is changing. People are more attuned to 
preparing a successor after themselves. But could you comment? 
That seems to be something that has come up at other hearings 
as well.
    Mr. Borkowski. Yes, sir. Thank you for the opportunity, 
because that is a huge issue.
    We have big programs, and we have smaller programs. We 
spend a lot of time on the big programs, and those are the 
programs that generally need the more skilled people. When you 
don't have those skills, you try to train them. Well, frankly, 
this takes experience, and there is no substitute for 
experience.
    Now in the near term, things like the Decision Support 
Tool, which will lead to this Cloud kind of awareness you are 
talking about, and the Centers of Excellence help us augment 
and reinforce those people. The interesting thing is there are 
succession management plans.
    DHS has a wonderful internship program that has brought in 
some extremely qualified, talented new people, a very 
impressive program, very impressive people, people with masters 
degrees. They come in for a 3-year internship. DHS pays for 
them for 3 years, and then we bring them on-board.
    The other thing that I am finding, which is something that 
we need to tap into, those smaller programs that don't get 
attention, the so-called level 3 programs which even Dr. Nayak 
may not get good insight into. We are starting to review those 
at my level. What I am seeing there is, that is the bench 
strength, right? Those are the people that will become the 
level 1 and level 2 program managers.
    In the past, we haven't been very conspicuous about that. 
We haven't thought about that. Those are people who kind of 
accidentally got appointed. The program is fairly small, but 
they are fairly talented. We now have the ability to talk with 
those people, to watch those people, to mentor those people so 
that we can grow a pipeline of program managers from our own 
bench strength. So there is a lot going on in that regard.
    The Centers of Excellence give us immediate reinforcement. 
The governance structure we have put in place gives managers a 
better way of assessing whether the big program managers are in 
place. The DHS intern program is wonderful and is bringing in 
wonderfully talented people. Our own bench strength that we 
haven't recognized in the past, this process allows us to 
capture.
    Mr. Keating. Those internship programs are done with 
academic institutions?
    Mr. Nayak. Actually, what happens is it is a competitive 
program. People apply for it. So they have generally graduated. 
This is their first employment, in many cases. Some of them 
have other experiences. But it is an extremely competitive 
program.
    It is wonderful, by the way, to see these talented people 
who are taking positions in the Federal civil service starting 
at a relatively low grade, frankly, compared to their degrees 
and experiences. With 3 years, they get promoted automatically 
up to the GS-12 level, and they are noncompetitively eligible 
to go to GS-13. So it is a wonderful program. But it is not 
with academic. It is our own program that DHS has created, and 
it is a wonderful program.
    Mr. Nayak. If you don't mind, I will just add to that, 
because I actually own the program.
    We have 166 participants in the program, and I really 
appreciate Mark's enthusiasm and support. Because it really is 
one of these One DHS things that we are doing.
    I hire the 166. They have a 3-year rotational program, 
solid training. Frankly, we are understating what we do in 
terms of training our people, although I do 100 percent agree 
with Mark. In order to get the skill, you need experience. You 
need knowledge and skill.
    But, for instance, in the Government, OMB essentially says 
for the acquisition workforce you have got to have a 
certification program for your contracting people, for your 
program managers, and what we call your contracting officers 
representatives.
    We have gone beyond that at DHS. We have got cost 
estimating certification systems, engineering test and 
evaluation, life-cycle logistics. All of these certifications 
are available, actually, to all members of the DHS acquisition 
workforce. But certainly the 166 that we have now in what we 
call our acquisition professional career program have access to 
that.
    Yeah, it really is second to none, at least in the civilian 
side of Government.
    Mr. Keating. Great.
    Mr. Hutton.
    Mr. Hutton. Thank you, Mr. Keating.
    I just wanted to kind of add on to the points made and also 
build on a question I think the Chairman had earlier about, you 
know, why has it been difficult for the execution? I think 
resources was one of the points that I made.
    It is interesting to note, in our report, we highlight 
seven of the main key initiatives that we see that the 
Department is trying to undertake; and, by my count, there are 
about five that I would say get at the resource issue. One has 
to do with the acquisition workforce development, as we have 
been talking here. One is the program management core.
    We were just talking earlier about the other--not just the 
contracting people but the people that have the technical skill 
to support a program office. That is one area where I believe, 
as we conducted our work, the Department at that time 
identified about 150 positions that were at a critical level.
    I think the Centers of Excellence, as Mr. Borkowski and Dr. 
Nayak have mentioned, is another way to leverage in the 
knowledge and skills they have, but they are trying to make 
that available to others, as well as the component acquisition 
executive structure.
    But for each of those initiatives, the point we made out 
was--and, as I said earlier, you know, going forward, they are 
pragmatic, they make sense. But for each of them I think we 
still identified one of the questions is the capacity to 
execute those initiatives and have the resources do it. But I 
do think they are targeting some of the areas that you raised 
the question, sir.
    Mr. Keating. Okay. Great.
    With that, I yield back my time. Thank you.
    Mr. McCaul. I thank the Ranking Member.
    I want to also pick up on a point that the Ranking Member 
made about, you know, the idea of an IT Cloud, a private Cloud 
with--and this is like a giant merger--as you know, 22 
different companies essentially.
    In the House, we have a private IT Cloud, and there are 
some cybersecurity issues. I think actually it strengthens 
that. So I think that would just make imminent sense for the 
Department to, in the near future, move towards the idea--
because I think that would help facilitate the integration and 
the One DHS policy that you have.
    So, with that, just let me say that I think this has been a 
very productive discussion. I think the Department has made 
progress. I look forward to--hopefully next year--this 
committee hearing even better things. But you certainly have 
your work cut out for you and a big challenge ahead of you, and 
we want to work with you to help you in that.
    So, with that, this committee now stands adjourned.
    [Whereupon, at 10:20 a.m., the subcommittee was adjourned.]


                            A P P E N D I X

                              ----------                              

        Question From Chairman Michael T. McCaul for John Hutton
    Question 1a. One of the Department's key oversight tools is its 
Program Accountability and Risk Management (PARM) office.
    Based on your assessment, what impact has PARM had in improving 
acquisition outcomes and requiring programs to adhere to DHS 
acquisition policy?
    Question 1b. Is the taxpayer receiving a decent return on its 
investment in PARM?
    Answer. In November 2008, we reported that DHS invested billions in 
major programs without providing appropriate oversight. Specifically, 
we found that staffing had not been sufficient to review investments in 
a timely manner and recommended that DHS identify and align sufficient 
management resources to implement timely oversight reviews throughout 
the investment life cycle.
    In response, DHS established the Acquisition Program Management 
Division and a Cost Analysis Division, and stated it would eventually 
increase staff for these offices to a total of 58 personnel. In 2011, 
DHS combined the two divisions and established the Office of Program 
Accountability and Risk Management (PARM), with responsibility for 
DHS's overall acquisition governance process. In February 2012, PARM 
officials told us that they had 46 positions available, and expected to 
gain another 10 positions during fiscal year 2012. PARM officials also 
told us that they had enough resources to hold oversight reviews when 
components request them. DHS has elevated PARM to report directly to 
the under secretary for management.
    We believe the recent steps taken will help position DHS to 
implement its knowledge-based acquisition policy more consistently in 
the future and reduce the risk that major acquisitions will perform 
poorly. Our survey of program managers conducted from January to March 
2012 found that program officials valued PARM's services. Seventy-five 
percent of survey respondents (49 of 65) reported that they used PARM 
or its predecessor office as a resource; and of this group, 94 percent 
found the support to be somewhat to very useful. Further, we are 
encouraged that PARM officials have told us they would no longer 
advance programs through the acquisition life cycle until DHS 
leadership verified the programs had developed critical knowledge. 
However, our September 2012 report shows that PARM and DHS must 
overcome significant challenges moving forward. For example, one of the 
PARM initiatives during fiscal year 2011 was to attain Department-level 
approval of acquisition program baselines for 19 high-priority 
programs. However, we found that only 8 of the 19 programs had current, 
Department-approved baselines as of September 2012. In addition, nearly 
all the program managers we surveyed reported their programs had 
experienced funding instability, faced workforce shortfalls, or changed 
planned capabilities after initiation, which increased the risk of poor 
outcomes. In fact, nearly 60 percent of the programs experienced cost 
growth, schedule slips, or both. If PARM and DHS are to address the 
Department's acquisition management challenges and succeed in the long 
run, top leadership commitment and sustained implementation of its 
knowledge-based acquisition policy will be critical.
    Question From Ranking Member William R. Keating for John Hutton
    Question. We all know the Department is an operational agency with 
a significant, real-time mission, with threats that are on-going and 
ever-changing. In this context, please discuss the balance that should 
be struck between fielding new capabilities and ensuring that taxpayer 
dollars are spent in an effective manner.
    Answer. DHS has a diverse, critical, and challenging mission that 
requires it to respond to an ever-evolving range of threats. Given this 
mission, it is important DHS maintain an agile and flexible management 
approach in its day-to-day operations. However, DHS must adopt a more 
disciplined and systematic approach for managing its major investments, 
which are intended to help meet critical needs. DHS has taken some 
steps to improve investment management, but most of its major 
acquisition programs continue to cost more than expected, take longer 
to deploy than planned, or deliver less capability than promised. These 
outcomes are largely the result of DHS's lack of adherence to key 
knowledge-based program management practices, even though many are 
reflected in the Department's own acquisition policy.
    The urgency of DHS's operational needs has been a factor in how the 
Department has implemented its acquisition policy. DHS acquisition 
policy establishes several key program-management practices through 
document requirements, which are intended to provide critical knowledge 
needed to support effective decision making. However, PARM officials 
explained that DHS has permitted programs to advance without 
Department-approved acquisition documents because DHS had an 
operational need for the promised capabilities, but the Department 
could not approve the documents in a timely manner. In 2008 and 2010, 
we reported that several programs were permitted to proceed with 
acquisition activities on the condition they complete key action items 
in the future, but PARM officials told us that many of these action 
items were not addressed in a timely manner.\1\
---------------------------------------------------------------------------
    \1\ GAO, Department of Homeland Security: Billions Invested in 
Major Programs Lack Appropriate Oversight, GAO-09-29 (Washington, DC: 
November 18, 2008); Department of Homeland Security: Assessments of 
Selected Complex Acquisitions, GAO-10-588SP (Washington, DC: June 30, 
2010).
---------------------------------------------------------------------------
    We understand that there will be instances when it may be 
appropriate for DHS to pursue certain capabilities in an accelerated 
manner; however, we believe that those instances should be more by 
exception than the rule. It is essential that DHS take a more 
disciplined acquisition management approach moving forward, 
particularly as the Department must adjust to a period of Government-
wide funding constraints. Without greater discipline, decisionmakers 
will continue to lack critical information and the Department will 
likely continue to pay more than expected for less capability than 
promised, which will ultimately hinder DHS's day-to-day operations and 
its ability to execute its mission. Further, Congress's ability to 
assess DHS funding requests and conduct oversight will remain limited.
        Questions From Chairman Michael T. McCaul for Nick Nayak
    Question 1a. According to GAO's work, DHS acquisition programs 
continue to produce unreliable cost estimates.
    What steps, if any, is the Department taking to contain and prevent 
cost growth in its major acquisition programs?
    Question 1b. How is DHS improving its cost estimates to make them 
more reliable?
    Answer. Over the past 3\1/2\ years, DHS has strengthened its policy 
for approving and managing acquisition programs. In an effort to 
contain and prevent cost growth in our major acquisition programs, DHS 
has instituted a variety of measures to ensure efficiency and mitigate 
risk. In 2010, DHS implemented Acquisition Management Directive (MD) 
102-01, which requires components to demonstrate appropriate planning 
in order to receive approval for an acquisition. To ensure program 
managers are executing within cost and schedule parameters and to 
prevent potential cost growth, every program is required to receive 
approval from the Acquisition Review Board (ARB) before proceeding to 
the next phase of the acquisition life cycle, such as moving from 
development to production. A key responsibility of the ARB is to 
systematically review major acquisitions to ensure the program has 
instituted adequate programmatic risk mitigation strategies. In 
addition to ARB reviews at major milestones, DHS actively tracks and 
measures actual program performance via monthly reporting and oversight 
mechanisms such as the Comprehensive Acquisition Status Report, 
Quarterly Program Accountability Report, and Exhibit 300. This 
oversight provides an early alert to potential problems, such as cost 
growth or requirements creep, and, as a result, the Department can take 
corrective action by engaging the component or program.
    As a result of these oversight processes, the under secretary for 
management (USM) is able to direct improvements to inadequate program 
plans before allowing them to proceed. One specific example is the U.S. 
Immigration and Customs Enforcement (ICE) TECS Modernization program. 
As a result of a regular ARB program review, the USM halted the program 
and directed the ICE to re-baseline and effectively scope requirements. 
This ARB-directed pause for rebaselining resulted in a cost avoidance 
of roughly $46 million in operations and maintenance over the previous 
cost estimate. By the consistent application of policy and governance 
through the regular ARB review process, DHS has institutionalized a 
repeatable acquisition discipline. The result is better-performing 
programs and more reliable diagnostics to monitor decisions or actions 
that may lead to unplanned cost growth.
    The Department has implemented several improvements to the quality 
and reliability of the cost estimating discipline across DHS. In 2011, 
the USM established the Cost Estimating & Analysis Center of Excellence 
(CE&A COE), through the Office of Program Accountability and Risk 
Management (PARM), to provide best practices and guidance for 
development of all cost estimates and cost analyses in the Department. 
The COE has identified and obtained best-in-class cost estimating tools 
and standardized operating models that have been disseminated to the 
components. By providing cost estimating subject matter expertise to 
assist DHS components and program managers, the number of DHS-approved 
Life Cycle Cost Estimates (LCCEs) has significantly increased over the 
last year which allows DHS to better articulate required funding needs 
and more effectively ascertain impacts to program scope should budget 
cuts be required.
    The COE has developed and implemented a LCCE scorecard to 
systematically analyze the quality of LCCEs based on best practices 
identified by the GAO. The TECS Modernization system, as evidenced in 
their rebaselining efforts, exemplifies the value of both the scorecard 
and COE support to develop a reliable LCCE.
    DHS has also increased the number of Level III Certified Cost 
Estimators by 50 percent. Level III, the highest level certification, 
represents a senior level mastery of the knowledge and skills 
associated with the complexities of cost estimating. DHS is 
institutionalizing the cost estimating discipline across the Department 
by embedding experienced certified cost estimators into major 
operational components via the CE&A COE.
    These cost estimators provide consistent application of GAO best 
practices and establish cost estimating standard operating procedures 
at the component level. In addition to the added focus on 
accountability, risk, and oversight through the establishment of PARM, 
the changes have significantly enhanced the maturity of the Department, 
particularly in this discipline. These tools and practices provide a 
robust foundation upon which to build a culture of cost estimation 
within DHS which, in turn, increases the reliability of cost estimates 
across the Department.
    Question 2a. GAO reported that frequently the original capabilities 
for a program are changed. This can lead to cost overruns and schedule 
delays down the road.
    In your view, how critical is it to keep capabilities stable?
    Question 2b. Does DHS prefer to use an incremental approach to 
acquiring capabilities (fielding needed capabilities in steps)? If so, 
what is the impact of changing capabilities midcourse?
    Answer. The Department acknowledges that major acquisition programs 
must be properly structured to maintain a stable set of requirements 
for capabilities, yet be flexible enough to adjust to changes. This is 
particularly important given the adaptive nature of America's 
adversaries and the limited predictability of natural disasters.
    Management Directive (MD) 102-01 establishes the Department's 
acquisition life-cycle framework. The Department does view capability 
definition as foundational in defining an acquisition program. Each 
step of the life-cycle framework builds on defining a mission need and 
capability gap. This standardized framework begins with a component or 
program defining their mission need and capability to be developed. The 
next phase builds on defining the capability definition by analyzing 
alternatives, cost, and defining operational requirements for a 
capability gap. Once an alternative for delivering a capability has 
been approved, then a program proceeds with acquiring that capability. 
This could result in leveraging an existing capability, expanding 
existing capability, or acquiring the capability. Each phase of the 
acquisition life cycle is systematically reviewed and approved by the 
Acquisition Review Board (ARB).
    At an early phase in the life cycle the program is reviewed by the 
ARB for formal approval as a program of record. At this point the ARB 
is looking to verify that the potential acquisition has sufficiently 
well-defined operational requirements, a preferred solution set that is 
balanced, effective, and achievable, a complete life-cycle cost for 
that solution set and complete acquisition and support plans. The 
aforementioned are documented in what is known as the Acquisition 
Program Baseline (APB). The APB establishes the baseline cost, 
schedule, and performance parameters for the program and related 
projects. In practical terms, the APB is the ``contract'' between the 
Acquisition Decision Authority (ADA) and the component on what will be 
delivered, how it will perform, when it will be delivered, and what it 
will cost. Should a program or project fail to meet any cost, schedule, 
or performance threshold in the APB the Program Manager must submit a 
remediation plan to the Department within 30 days explaining 
circumstances of the breach and proposing corrective action. Within 90 
days of the breach the program should be either be back within approved 
APB parameters; undergo a re-baseline of the breached parameters and 
have a new APB approved or partake in a program review with the ADA to 
review any proposed baseline revisions and recommendations.
    In addition to establishing an APB early on in a program's life 
cycle the ARB also reviews the approach to delivering capability as 
described in the Acquisition Plan. Distinct capabilities require 
different approaches to delivering capability to support the mission 
need. The acquisition review process reviews each program's delivery 
approach, and when appropriate approves incremental delivery. 
Incremental delivery being defined as limited production releases. For 
example, the Department routinely fields domain awareness assets (e.g., 
ships and aircraft) on a limited production release basis. This 
approach for large complex domain capabilities allows the Department to 
reduce development and deployment risk (e.g., by refining requirements 
or increasing the maturity of technologies prior to full production). 
Another example where a limited release approach is being used within 
Department is for certain IT system development programs. The use of 
this acquisition approach for IT systems is guided by OMB Circular A-
11. In general, capabilities are acquired and developed in useable 
segments to minimize financial and operational risk. For its IT 
programs, the Department has adopted OMB's ``25 Point Plan to Reform 
Federal Information Technology Management.'' The Plan allows 
organizations to provide end-users with an early opportunity to 
influence the solution before the product is released (i.e., agile 
development). DHS will leverage agile development to shift investment 
decisions from an inefficient, inflexible choice among projects to the 
management of business benefit.
    For IT programs using this approach, capabilities are delivered as 
smaller and limited chunks of functionality. DHS has already realized 
benefits in risk and cost reduction, faster time to field, and better 
fit of IT systems to mission needs where this approach has been 
adopted. For IT projects, collaboration and use of agile methodologies 
allows for production-ready code at the completion of each iteration; 
unit testing in each iteration; and, openness to business partner 
feedback and reprioritization. One such success story at DHS is the 
U.S. Immigration and Customs Enforcement (ICE) Criminal Alien 
Identification Initiative (CAII).
    The CAII Program Office adopted an agile approach to Systems 
Development in 2011 and it has continued to mature its development 
practices. The CAII Program Office has been successful in shortening 
the ``time to market'' for releases (time-boxed releases) and has 
reduced overall program development cost and schedule variances. The 
CAII Program Office uses small, highly skilled, and very efficient 
development teams that focus on developing working, production-worthy 
code. At any one time, the development teams are responsible for only a 
small number of documents, freeing up time for actual development. The 
Scrum Master, Information Technology Program Manager (ITPM), and 
Planning Team are responsible for mitigating any obstacles to efficient 
coding.
    As a result of these activities CAII has successfully delivered 
three ``major'' releases in a shortened time frame. With the agile 
approach, mistakes, when made, are smaller and benefits are realized 
sooner. CAII development was originally estimated to cost $60 million 
over 5 years. To date, 13 months and $5 million have been spent on CAII 
and the Program Office now projects a total cost of $12 million and 
completion within 2 years.
    No matter what delivery approach a program recommends, the ARB 
process has defined milestones to evaluate whether proper program 
planning has occurred to effectively deliver necessary capability. In 
the event of new circumstances (e.g., new threat, disaster, etc.), the 
ARB will conduct reviews to re-evaluate the program and make changes 
needed to improve the probability of capability delivery. This was the 
case for the USCIS Transformation program, where the approach approved 
in fiscal year 2010 did not result in capability delivery. The revised 
strategy required the program to use an agile development approach with 
smaller and more frequent capability delivery. Currently, the program 
has delivered more capability within the last year than in the previous 
4 years combined. Further, the availability of improved data allows for 
greater ability to identify risks and resolve them before they become 
issues. This is accomplished through the Decision Support Tool (DST) 
which provides cost/schedule/performance data for senior decision 
makers. The DST serves as an early warning or trigger mechanism.
     Question From Ranking Member William R. Keating for Nick Nayak
    Question. How are the Centers of Excellence and the Decision 
Support Tool making an impact on the implementation of acquisition 
policy and procedures at the component level?
    Answer. In the past year, eight COEs have been established to 
reduce risk and improve program performance by supporting programs 
throughout their life cycle. To reduce risk, each COE reinforces 
compliance with the Department's acquisition policy by providing expert 
counsel and training to components. The COEs also develop clear, plain 
language guidance on how to execute and institutionalize DHS 
acquisition policy within the component.
    In fiscal year 2012, the Cost Estimating and Analysis Center of 
Excellence (CE&A COE) worked collaboratively with the U.S. Immigrations 
and Customs Enforcement (ICE) to develop and deploy nine training 
modules on cost estimating based on GAO best practices. This training 
has inspired ICE to develop and implement a Cost Estimating toolkit to 
aid its program managers with developing Life Cycle Cost Estimates 
which further institutionalizes the cost estimating discipline within 
ICE.
    The DST, taking information from the Department's source systems, 
is recognized as the principal program reporting tool across the 
Department. It provides essential information to the ARB and other 
decision makers throughout the life cycle of major acquisitions. In the 
past 2 years, component participation has increased from 39 percent to 
97 percent. Components such as TSA, ICE, and USCG are augmenting their 
governance procedures by using reports generated from the DST to inform 
their internal reviews and governance activities. The use of the DST 
within the components promotes the integration of critical business 
information into operational activities and decision making. The DST 
has also proven to be an effective tool for increasing the accuracy and 
timeliness of major acquisition program data to track performance and 
inform decisions by the ARB.
    Additionally, the CE&A COE has worked with DHS Program Analysis and 
Evaluation (PA&E) to develop policy that requires Component Senior 
Financial Officers to certify the accuracy of key financial 
information, including program execution, budget, and out-year funding 
information.
    Program managers must validate that their program is fully 
resourced throughout the 5-year resource plan. If the acquisition is 
not fully resourced, the component must identify the trade-offs 
necessary to fund the acquisition within existing resources). Part of 
the trade-off analysis examines the impact of reducing performance or 
schedule to make the acquisition affordable.
   Questions From Chairman Michael T. McCaul for Karen Shelton Waters
    Question 1a. Earlier this year, GAO reported that TSA did not fully 
follow DHS acquisition policies when acquiring Advanced Imaging 
Technology--commonly referred to as full-body scanners that identify 
objects or anomalies on the outside of the body--which resulted in DHS 
approving deployment of AIT without fully knowing TSA's revised 
specifications. GAO also said that TSA failed to receive approval from 
DHS on how it would test AIT machines before deployment began.
    Why did TSA circumvent the Department on AIT?
    Answer. The Transportation Security Administration (TSA) did not 
circumvent the Department of Homeland Security (DHS), or its policies, 
on Advanced Imaging Technology (AIT). DHS Acquisition Management 
Directive 102-01 provides the overall policy and structure for 
acquisition management within DHS, the DHS Acquisition Lifecycle Review 
Framework, and additional management procedures and responsibilities 
that augment existing policies, regulations, and statutes that govern 
the procurement and contracting aspects of acquisition. Directive 102-
01 was issued as an interim policy in November 2008. By September 2009, 
implementation of the requirements of Directive 102-01 interim policy 
was still immature both at the Department and TSA, to include the 
process for requirements change notifications to acquisition management 
authorities. As a result, TSA did not document or process the 
notification, mentioning the change verbally at the DHS Acquisition 
Review Board in September 2009. Test and Evaluation Directive 026-06 
prescribes implementing policies and procedures and assigns 
responsibilities for Test and Evaluation activities to be performed 
throughout the system acquisition process. Regarding the GAO finding 
that TSA failed to receive approval from DHS on the AIT test plan, the 
Test and Evaluation Directive 026-06 that required this approval was 
signed in May 2009, and since planned testing was already under way at 
this time, TSA was unable to delay the project without major 
ramifications occurring.
    Question 1b. What impact did this decision have on the capabilities 
of these machines?
    Answer. The failure to go through the formal requirements change 
process did not affect the capabilities of the Advanced Imaging 
Technology (AIT). Typically, acquisition authorities at DHS do not 
determine what the requirements should be, because they are not the 
operational experts. Instead, these authorities are primarily concerned 
about requirements being properly stated, coordinated with the right 
people, and validated before significant investment is made in pursuing 
a system that meets them. Threats to aviation are dynamic and 
constantly evolving to include non-metallic threat objects and liquids 
(for example, explosives) carried on persons. AITs offer a significant 
increase in detection capabilities for non-metallic threats previously 
not mitigated by walk-through metal detectors and provide the best 
opportunity for mitigating these threats, as well as balancing security 
effectiveness, operational efficiency, throughput, passenger 
satisfaction, and privacy.
    Question 1c. Has TSA taken steps to ensure this does not occur in 
the future?
    Answer. TSA's internal acquisition processes and workforce are in 
alignment with DHS policy. TSA fully complies with DHS acquisition 
policy and ensures Program Management Offices adhere to the processes, 
ensuring compliance with the letter and intent. Numerous TSA 
Acquisition Review Boards, continual reviews of key acquisition 
management documents, and continual coordination internally in TSA and 
externally with DHS provide management controls and adequate oversight.
    Question 2. Is DHS's acquisition policy achievable? How could the 
Department better ensure programs at the component-level adhere to the 
policy?
    Answer. Yes, the Department of Homeland Security's (DHS) 
acquisition policy is reasonable and achievable. In the past 4 years, 
the Transportation Security Administration (TSA) has made great strides 
towards understanding and implementing the DHS's acquisition policy, 
and adequate governance processes are in place. In addition, DHS and 
TSA derive significant benefit from an increase of qualified 
acquisition personnel assigned within the governance offices.
    Question 3. What steps has TSA taken to ensure a failure like the 
puffer machines does not occur in the future?
    Answer. As noted previously, improvements in compliance and overall 
maturation in the areas of acquisition management, requirements 
generation, and testing and evaluation will help ensure that quality 
products are delivered to the field to support the Transportation 
Security Administration's (TSA) aviation security mission. In 
particular, the TSA follows a robust test and evaluation process for 
all of its technology procurements. This includes both developmental/
technical testing--and operational testing in the field environment, to 
ensure all checkpoint screening technologies are assessed as to 
operational effectiveness and suitability prior to full rate production 
decisions or wide-scale use--in airport settings. TSA also conducts 
additional testing activities at its TSA Systems Integration Facility 
(TSIF), which began operations in January 2009. TSA designed the TSIF 
to serve as a simulated, but representative, operational environment in 
which to test and evaluate security technologies without interfering 
with airport operations. This capability did not exist when TSA 
purchased the puffer machines, which went from laboratory testing to 
field deployment. Additionally, in 2009, the Department of Homeland 
Security issued Management Test and Evaluation Directive 026-06 to 
prescribe implementing policies and procedures and assigns 
responsibilities for Test and Evaluation activities to be performed 
throughout the system acquisition process. Management Directive 026-06 
also establishes DHS oversight of components. The TSA Passenger 
Screening Program strictly adheres to this policy in its program 
execution and follows the processes defined within it. The elements 
within the test planning and execution process ensure that operational 
tests and evaluations have been successfully completed before deploying 
checkpoint screening technologies to airport checkpoints.
   Question From Ranking Member William R. Keating for Karen Shelton 
                                 Waters
    Question. To date, how many programs have moved through the review 
and approval process under the Program Accountability and Risk 
Management Office? What are the dollar thresholds for these programs?
    Answer. The Transportation Security Administration (TSA) has 11 
major acquisition programs with the Department of Homeland Security 
(DHS)'s Program Accountability and Risk Management (PARM) oversight. 
Four programs have completed the TSA acquisition process and portions 
of the DHS PARM acquisition review process. Seven programs were in full 
operational sustainment prior to the initiation of the DHS Acquisition 
Management Directive 102-01-001 acquisition policy, and therefore, have 
not been through the DHS PARM process. Acquisition Management Directive 
102-01-001 are instructions which complement Acquisition Management 
Directive 102-01. Acquisition Management Directive 102-01 provides the 
overall policy and structure for acquisition management within DHS, the 
DHS Acquisition Lifecycle Review Framework, and additional management 
procedures and responsibilities that augment existing policies, 
regulations, and statutes that govern the procurement and contracting 
aspects of acquisition.
    However, these programs have undergone reviews as part of the DHS 
Portfolio Review process, internal program status assessments, and 
Office of Management and Budget Exhibit 300 preparation, review, and 
submission. As these programs initiate actions or initiatives that make 
it appropriate to do so, the TSA Component Acquisition Executive will 
engage with PARM to arrange for the appropriate reviews to take place. 
All of these 11 major TSA acquisition programs have been determined to 
meet the Directive 102-01-001 criteria identifying them as Level 1 & 2 
programs. (Note: Level 1 = Life Cycle Cost at or above $1 billion, 
Level 2 = Lifecycle Cost $300 million or more, but less than $1 
billion).
   Question From Ranking Member William R. Keating for Mark Borkowski
    Question. How is the Office of Technology and Innovation, which you 
created, working to ensure that CBP personnel understand the 
Department's management integration initiatives and their roles in 
implementing procurement procedures? What types of outreach and 
training for staff are being offered?
    Answer. U.S. Customs and Border Protection's (CBP) philosophy 
espouses that acquisition (e.g., from cradle to grave) governance 
requires cooperation and participation among the Component Acquisition 
Executive (CAE), Chief Information Officer (CIO), and Head of 
Contracting Activity (HCA). Though each has defined roles and 
responsibilities unique to their respective positions, each recognizes 
the need for, and enforces collaboration in acquisition program 
governance.
    In keeping with the philosophy of cooperation and participation for 
acquisition governance, CBP's Program Lifecycle Process (PLP) Guide was 
signed by Mr. Armstrong, CIO; Mr. Gunderson, HCA; and Mr. Borkowski, 
CAE on Friday, March 30, 2012. The Program Lifecycle Process (PLP) 
Guide presents a unified governance process for all CBP programs and 
implements the DHS acquisition policy directive, D-102 within CBP. All 
programs and projects (including capital assets and enterprise 
services) are managed through a consistent governance process that 
allows leadership to make informed decisions about where money is being 
invested and what is being acquired. Efficient governance processes 
allow Program Managers (PMs) to maximize program success, navigate 
governance processes, and deliver much-needed capability to end-users. 
To this end, the CBP PLP Guide integrates investment, acquisition, 
enterprise architecture, and systems engineering governance to the 
fullest extent possible. CBP policies implementing D-102 and defining 
roles and missions of acquisition stakeholders, melding of enterprise 
architecture and Systems Engineering Life Cycle (SELC) gate reviews, 
and CBP life-cycle logistics have been drafted and are currently in 
review.
    OTIA and CBP have developed a governance structure that simplifies 
and reduces the number of required program reviews while including 
participation and representation of functional and technical experts 
from across key CBP offices. Additionally, senior leaders in 
acquisition at the Department level are involved at critical decision 
events. A streamlined acquisition investment review board (IRB) has 
been defined, tailorable based on Acquisition Level of a specific 
program. CBP's acquisition triad has initiated twice-yearly acquisition 
reviews of all CBP programs with CAE/CIO/HCA and DHS Program 
Accountability and Risk Management (PARM) office participation. The 
CAE's support staff conducts quarterly program manager off-sites to 
share information, provide training, and strengthen the acquisition 
core. OTIA's Acquisition Guidance and Analysis Directorate (AGAD) 
offers training to individual program management offices, two of which 
have taken advantage of this training to strengthen their staffs and 
program expertise.
    CBP is moving away from short-sighted annual budget processes to 
long-term (multi-year) strategies for acquiring and supporting 
capabilities; establishing the framework for agency level 
prioritization of needs with solutions, with the first extensive 
bottoms-up build of Resource Allocation Plan (RAP) conducted for fiscal 
years 2014-2018.
    CBP is changing the organizational culture of submitting ill-
prepared requirements to procurement. Using procurement tools such as 
Contract Performance and Reporting System (CPARS), helps improve vendor 
performance and responsiveness through accountability. The procurement 
function is an integral part of acquisition processes--including 
procurement actions early in the acquisition planning process. OTIA, in 
coordination with the HCA, established Contract Review Boards (CRBs) to 
effect early coordination of acquisition planning with commensurate 
procurement planning. As a proven best practice, implementation of the 
CRB throughout CBP is in progress.
    Top priorities are to increase quality and effectiveness of the 
acquisition workforce by supporting CBP's professional Acquisition 
Corps development. Current scope for Acquisition Workforce (AWF) 
improvement includes on-going Training & Development (T&D), support for 
DHS certification attainment, Continuous Learning (CL) achievement/
maintenance, piloting a Succession Planning & Talent Management process 
for Acquisition Program Management Office (PMO) staffing, designation 
of acquisition positions with flags in human resource systems, and 
correlation of Position Descriptions (PDs) properly classified to 
support hiring and retention of acquisition professionals to improve 
mission outcomes.
    OTIA's Acquisition Support Division manages acquisition and 
procurement-specific workshops conducted weekly using a portfolio of 1-
hour introductory modules to provide just-in-time acquisition training 
in a continuous learning environment. OTIA's Acquisition Management 
Division is working jointly with Procurement to deliver ``Procurement 
102'' training/workshops; building on next level from ``Procurement 
101'' training developed/delivered beginning in fiscal year 2010; 
delivering over 50 classes Nation-wide to over a thousand CBP employees 
in fiscal year 2010 and fiscal year 2011. OTIA and Procurement jointly 
developed and began delivery of Procurement 102, providing 14 training 
sessions in fiscal year 2012, across the country, for program and 
procurement personnel to enhance planning and quality of procurement 
request packages. An ``Acquisition Planning'' workshop was presented 
this past week, which we are mapping to DHS MD102.
    CBP currently has 1,256 certified AWF professionals in all eight 
certification career disciplines, as detailed below. Two-hundred 
eighty-five Total CBP Acquisition Professional Certifications were 
processed in fiscal year 2012, and maintained 92.6% Total CBP 
Continuous Learning Achievement for 1,233 CBP AWF professions with DHS 
certification.

------------------------------------------------------------------------
                                                           DHS Certified
                                                           Professionals
              DHS Certification Discipline                  (as of 9/4/
                                                             2012 from
                                                              FAITAS)
------------------------------------------------------------------------
Contracting Officer's Representative (COR)..............             737
Acquisition Program Manager (PM)........................             318
Contracting Officer (CO)................................             157
Life Cycle Logistics (LCL)..............................              16
Test & Evaluation (T&E).................................              14
Program Financial Management (PFM)......................               9
Systems Engineering (SE)................................               5
Business Cost Estimating (BCE)..........................               0
------------------------------------------------------------------------

    OTIA will serve as the test bed and demonstration site for 
implementation. OTIA has identified Acquisition Workforce positions 
(task completed in fiscal year 2012) and will work with Human Resources 
(HR) in fiscal year 2013 to designate those positions in HR database 
systems in fiscal year 2013. Also in fiscal year 2013, position 
descriptions will be modified for acquisition positions, working 
closely with HR classification professionals to ensure accurate, 
definitive, and standardized position descriptions are matched to the 
designated acquisition positions. Hiring to those positions and 
identification of follow on training for continuous learning 
opportunities and career development will be a continuous process. 
Focus for fiscal year 2014 and fiscal year 2015 will be to share and 
flow applicable methodology of designating acquisition positions and 
use of standardized acquisition position descriptions to program 
offices outside of OTIA. Fiscal year 2016 and fiscal year 2017's 
priorities will be to share proven methodologies to CBP acquisition 
supporting offices outside of OTIA.

                                 
